Abstract
Existing techniques to detect kernel-level rootkits expose some infections, but they don't identify specific attacks. This rootkit categorization approach helps system administrators identify the extent of specific infections, aiding in optimal recovery and faster reactions to future attacks. The authors present a framework to detect and classify rootkits and discuss a methodology for determining if a system has been infected by a kernel-level rootkit. Once infection is established, administrators can create new signatures for kernel-level rootkits to detect them. The authors conducted their research on a Red Hat Linux-based system, but the methodology is applicable to other Linux distributions based on the standard Linux kernel. They also believe the method can apply to other Unix- and Windows-based systems.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
