Malicious individuals can gain access to a computer network or application through a family of programs known as rootkit malware. Kernel rootkits use covert methods to conceal kernel components, various control frameworks, and system activities, which makes it challenging to identify or prevent their presence on the target machine. Most rootkit detection and prevention techniques in use today are specific to one system and depend on recognized sources, making them ineffective against growing, evolving, concealed, or unnamed rootkits. This study proposes the kernel rootkit prevention model using multiclass (KRPMM) system, which identifies hash values to detect and prevent such rootkits. A file downloaded by a client using the service is not admitted to the node that the client uses in the cloud. Instead, it is redirected to a node where the newly arrived file is examined by a program written specifically to test for the presence of a rootkit by some mechanisms. The program then concludes that the file is either malicious or clean and free of rootkits. KRPMM tested only 64 rootkits.