A new procedure to help system/network administrators identify multiple rootkit infections

Desmond Lobo*, Paul Watters, Xin Wen Wu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding (conference proceeding contribution, peer-reviewed)

3 Citations (Scopus)

Abstract

Rootkits refer to software that is used to hide the presence of malware from system/network administrators and permit an attacker to take control of a computer. In our previous work, we designed a system that would categorize rootkits based on the hooks that had been created. Focusing on rootkits that use inline function hooking techniques, we showed that our system could successfully categorize a sample of rootkits using unsupervised EM clustering. In this paper, we extend our previous work by outlining a new procedure to help system/network administrators identify the rootkits that have infected their machines. Using a logistic regression model for profiling families of rootkits, we were able to identify at least one of the rootkits that had infected each of the systems that we tested.

Original language: English
Title of host publication: Proceedings
Subtitle of host publication: Second International Conference on Communication Software and Networks
Place of publication: Piscataway, USA
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 124-128
Number of pages: 5
ISBN (Print): 9780769539614
DOIs
Publication status: Published - 2010
Externally published: Yes
Event: International Conference on Communication Software and Networks (2nd: 2010) - Singapore, Singapore
Duration: 26 Feb 2010 to 28 Feb 2010

Conference

Conference: International Conference on Communication Software and Networks (2nd: 2010)
Abbreviated title: ICCSN 2010
Country: Singapore
City: Singapore
Period: 26/02/10 to 28/02/10

Keywords

  • Logistic regression
  • Malware
  • Network security
  • Profiling
  • Rootkits
