Second IEEE International Information Assurance Workshop (IWIA'04)   p. 107
A Methodology to Detect and Characterize Kernel Level Rootkit Exploits Involving Redirection of the System Call Table


DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IWIA.2004.1288042

Abstract
There is no standardized methodology at present to characterize rootkits that compromise the security of computer systems. The ability to characterize rootkits will provide system administrators with information so that they can take the best possible recovery actions and may also help to detect additional instances and prevent the further installation of the rootkit, allowing the security community to react faster to new rootkit exploits. There are limited capabilities at present to detect rootkits, but in most cases these capabilities only indicate that a system is infected without identifying the specific rootkit. We propose a mathematical framework for classifying rootkit exploits as existing, modifications to existing, or entirely new. An in-depth analysis of a particular type of kernel rootkit is conducted in order to develop a characterization. As a result of this characterization and analysis, we propose some new methods to detect this particular class of rootkit exploit.
Additional Information

Citation: John Levine, Julian Grizzard, Henry Owen, "A Methodology to Detect and Characterize Kernel Level Rootkit Exploits Involving Redirection of the System Call Table," iwia, p. 107, Second IEEE International Information Assurance Workshop (IWIA'04), 2004
