Abstract
The core part of the operating system is the kernel, and it plays an important role in managing critical data structure resources for correct operations. The kernel-level rootkits are the most elusive type of malware that can modify the running OS kernel in order to hide its presence and perform many malicious activities such as process hiding, module hiding, network communication hiding, and many more. In the past years, many approaches have been proposed to detect kernel-level rootkit. Still, it is challenging to detect new attacks and properly categorize the kernel-level rootkits. Memory forensic approaches showed efficient results with the limitation against transient attacks. Cross-view-based and integrity monitoring-based approaches have their own weaknesses. A learning-based detection approach is an excellent way to solve these problems. In this paper, we give an insight into the kernel-level rootkit characteristic features and how the features can be represented to train learning-based models in order to detect known and unknown attacks. Our feature set combined the memory forensic, cross-view, and integrity features to train learning-based detection models. We also suggest useful tools that can be used to collect the characteristics features of the kernel-level rootkit.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.