A New Procedure to Help System/Network Administrators Identify Multiple Rootkit Infections

| File | Size | Format |
|---|---|---|
| 68261_1.pdf | 302Kb | Adobe PDF |

| Title | A New Procedure to Help System/Network Administrators Identify Multiple Rootkit Infections |
|---|---|
| Author | Lobo, Desmond; Watters, Paul; Wu, Xin-Wen |
| Publication Title | Proceedings of the 2010 Second International Conference on Communication Software and Networks |
| Editor | ICCSN |
| Year Published | 2010 |
| Place of publication | Washington, DC, USA |
| Publisher | IEEE Computer Society |
| Abstract | Rootkits refer to software that is used to hide the presence of malware from system/network administrators and permit an attacker to take control of a computer. In our previous work, we designed a system that would categorize rootkits based on the hooks that had been created. Focusing on rootkits that use inline function hooking techniques, we showed that our system could successfully categorize a sample of rootkits using unsupervised EM clustering. In this paper, we extend our previous work by outlining a new procedure to help system/network administrators identify the rootkits that have infected their machines. Using a logistic regression model for profiling families of rootkits, we were able to identify at least one of the rootkits that had infected each of the systems that we tested. |
| Peer Reviewed | Yes |
| Published | Yes |
| Alternative URI | http://dx.doi.org/10.1109/ICCSN.2010.14 |
| Copyright Statement | Copyright 2010 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. |
| ISBN | 978-1-4244-5726-7 |
| Conference name | 2010 International Conference on Communication Software and Networks |
| Location | Singapore |
| Date From | 2010-02-26 |
| Date To | 2010-02-28 |
| URI | http://hdl.handle.net/10072/37697 |
| Date Accessioned | 2011-02-10 |
| Date Available | 2012-09-02T23:02:19Z |
| Language | en_US |
| Research Centre | Institute for Integrated and Intelligent Systems |
| Faculty | Faculty of Science, Environment, Engineering and Technology |
| Subject | PRE2009-Data Security |
| Publication Type | Conference Publications (Full Written Paper - Refereed) |
| Publication Type Code | e1x |
Please use this identifier to cite this record: http://hdl.handle.net/10072/37697
Griffith University copyright notice
Copyright in individual works within the repository belongs to their authors or publishers. You may make a print or digital copy of a work for your personal non-commercial use. All other rights are reserved, except for fair dealings or other user rights granted by the copyright laws of your country.