- Title
- A new procedure to help system/network administrators identify multiple rootkit infections
- Creator
- Lobo, Desmond; Watters, Paul; Wu, Xinwen
- Date
- 2010
- Type
- Text; Conference paper
- Identifier
- http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/42030
- Identifier
- vital:3247
- Identifier
- https://doi.org/10.1109/ICCSN.2010.14
- Identifier
- ISBN:9780769539614
- Abstract
- Rootkits refer to software that is used to hide the presence of malware from system/network administrators and permit an attacker to take control of a computer. In our previous work, we designed a system that would categorize rootkits based on the hooks that had been created. Focusing on rootkits that use inline function hooking techniques, we showed that our system could successfully categorize a sample of rootkits using unsupervised EM clustering. In this paper, we extend our previous work by outlining a new procedure to help system/network administrators identify the rootkits that have infected their machines. Using a logistic regression model for profiling families of rootkits, we were able to identify at least one of the rootkits that had infected each of the systems that we tested. © 2010 IEEE.
- Publisher
- Singapore : IEEE
- Relation
- Paper presented at 2nd International Conference on Communication Software and Networks, ICCSN 2010, Singapore : 26th-28th February 2010 p. 124-128
- Rights
- Copyright IEEE
- Rights
- Open Access
- Rights
- This metadata is freely available under a CC0 license
- Subject
- Logistic regression; Malware; Network security; Profiling; Rootkits
- Full Text
- SOURCE1: Published version, 297 KB, Adobe Acrobat PDF