Abstract
Rootkits refer to software that is used to hide the presence of malware from system/network administrators and permit an attacker to take control of a computer. In our previous work, we designed a system that would categorize rootkits based on the hooks that had been created. Focusing on rootkits that use inline function hooking techniques, we showed that our system could successfully categorize a sample of rootkits using unsupervised EM clustering. In this paper, we extend our previous work by outlining a new procedure to help system/network administrators identify the rootkits that have infected their machines. Using a logistic regression model for profiling families of rootkits, we were able to identify at least one of the rootkits that had infected each of the systems that we tested.
| Original language | English |
|---|---|
| Title of host publication | Proceedings |
| Subtitle of host publication | Second International Conference on Communication Software and Networks |
| Place of Publication | Piscataway, USA |
| Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
| Pages | 124-128 |
| Number of pages | 5 |
| ISBN (Print) | 9780769539614 |
| DOIs | |
| Publication status | Published - 2010 |
| Externally published | Yes |
| Event | International Conference on Communication Software and Networks (2nd: 2010), Singapore, Singapore, 26 Feb 2010 → 28 Feb 2010 |
Conference
| Conference | International Conference on Communication Software and Networks (2nd: 2010) |
|---|---|
| Abbreviated title | ICCSN 2010 |
| Country/Territory | Singapore |
| City | Singapore |
| Period | 26/02/10 → 28/02/10 |
Keywords
- Logistic regression
- Malware
- Network security
- Profiling
- Rootkits
Title: A new procedure to help system/network administrators identify multiple rootkit infections