☆ 4.7 Article

Back to Static Analysis for Kernel-Level Rootkit Detection

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (2014)

Journal

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY

Volume 9, Issue 9, Pages 1465-1476

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC

DOI: 10.1109/TIFS.2014.2337256

Keywords

Malware; rootkit; static analysis; kernel driver

Categories

Computer Science, Theory & Methods Engineering, Electrical & Electronic

Funding

ITRC [12188/500 (91/8/2)]

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

Abstract

Rootkit's main goal is to hide itself and other modules present in the malware. Their stealthy nature has made their detection further difficult, especially in the case of kernel-level rootkits. There have been many dynamic analysis techniques proposed for detecting kernel-level rootkits, while on the other hand, static analysis has not been popular. This is perhaps due to its poor performance in detecting malware in general, which could be attributed to the level of obfuscation employed in binaries which make static analysis difficult if not impossible. In this paper, we make two important observations, first there is usually little obfuscation used in legitimate kernel-level code, as opposed to the malicious kernel-level code. Second, one of the main approaches to penetrate the Windows operating system is through kernel-level drivers. Therefore, by focusing on detecting malicious kernel drivers employed by the rootkit, one could detect the rootkit while avoiding the issues with current detection technique. Given these two observation, we propose a simple static analysis technique with the aim of detecting malicious driver. We first study the current trends in the implementation of kernel-level rookits. Afterward, we proposed a set of features to quantify the malicious behavior in kernel drivers. These features are then evaluated through a set of experiments on 4420 malicious and legitimate drivers, obtaining an accuracy of 98.15% in distinguishing between these drivers.

Authors

I am an author on this paper

Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.7

Not enough ratings

Secondary Ratings

Novelty

-

Significance

-

Scientific rigor

-

Rate this paper

Recommended

Article Computer Science, Information Systems

Blue-Pill Oxpecker: A VMI Platform for Transactional Modification

Seyed Mohammad AghamirMohammadAli, Behnam Momeni, Solmaz Salimi, Mehdi Kharrazi

Summary: This article introduces Oxpecker, a virtual machine introspection platform that allows for active modification of the VM's internal state. Oxpecker can detect and neutralize malware threats in the guest OS by monitoring VM state changes. A tool based on Oxpecker is also developed to terminate guest VM processes.

IEEE TRANSACTIONS ON CLOUD COMPUTING (2023)

Add to Collection

Article Computer Science, Information Systems

Efficient Malware Analysis Using Subspace-Based Methods on Representative Image Patterns

M. Benchadi Djafer Yahia, Bojan Batalo, Kazuhiro Fukui

Summary: In this paper, a new framework for classifying and visualizing malware files using subspace-based methods is proposed. The framework utilizes representative image patterns to analyze malware features and uses subspace representation and occlusion sensitivity analysis for visualization. The proposed methods outperform previous techniques and demonstrate high accuracy in malware classification.

IEEE ACCESS (2023)

Add to Collection

Article Computer Science, Theory & Methods

Detecting Hardware-Assisted Virtualization With Inconspicuous Features

Zhi Zhang, Yueqiang Cheng, Yansong Gao, Surya Nepal, Dongxi Liu, Yi Zou

Summary: In recent years, the deployment of virtualization techniques has become more widespread. Hardware-assisted virtualization has significantly enhanced transparency and difficulty in detection. The study identified three low-level inconspicuous features that can be leveraged to effectively detect hardware-assisted virtualization.

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (2021)

Add to Collection

Article Computer Science, Artificial Intelligence

Windows malware detection based on static analysis with multiple features

Muhammad Irfan Yousuf, Izza Anwer, Ayesha Riasat, Khawaja Tahir Zia, Suhyun Kim

Summary: The researchers propose a static malware detection system that can detect Portable Executable (PE) malware in Windows environment with high accuracy. By collecting malware samples and extracting relevant information, they combine machine learning, ensemble learning, and dimensionality reduction techniques to construct a system with a detection rate of 99.5% and an error rate of only 0.47%.

PEERJ COMPUTER SCIENCE (2023)

Add to Collection

Proceedings Paper Computer Science, Artificial Intelligence

A Review on Learning-based Detection Approaches of the Kernel-level Rootkit

Mohammad Nadim, David Akopian, Wonjun Lee

Summary: The kernel is the core part of a computer operating system, and kernel-level rootkits present a significant security threat by hiding their presence and malicious activities. Detection systems based on learning are effective in automatically detecting both known and unknown attacks.

2021 7TH INTERNATIONAL CONFERENCE ON ENGINEERING AND EMERGING TECHNOLOGIES (ICEET 2021) (2021)

Add to Collection

Article Computer Science, Information Systems

A Method for Automatic Android Malware Detection Based on Static Analysis and Deep Learning

Mulhem Ibrahim, Bayan Issa, Muhammed Basheer Jasser

Summary: Android is dominating the global smartphone market, leading to a strong need for effective security measures. This research proposes a new method for detecting and classifying Android malware using deep learning models and static analysis, achieving high accuracy in malware detection and classification.

IEEE ACCESS (2022)

Add to Collection

Review Computer Science, Artificial Intelligence

Malware detection using static analysis in Android: a review of FeCO (features, classification, and obfuscation)

Rosmalissa Jusoh, Ahmad Firdaus, Shahid Anwar, Mohd Zamri Osman, Mohd Faaizie Darmawan, Mohd Faizal Ab Razak

Summary: Android is a free open-source operating system widely used by manufacturers to produce mobile devices, but unethical authors often develop malware for various purposes. While practitioners conduct intrusion detection analyses like static analysis, there is a lack of review articles discussing research efforts in this area.

PEERJ COMPUTER SCIENCE (2021)

Add to Collection

Review Computer Science, Information Systems

A Review of State-of-the-Art Malware Attack Trends and Defense Mechanisms

Jannatul Ferdous, Rafiqul Islam, Arash Mahboubi, Md. Zahidul Islam

Summary: This study comprehensively reviews the evolution and current attack trends of malware, and explores the corresponding defense strategies. The findings highlight the increasing sophistication of malware attacks and the need for multilayered security measures. Despite advancements, there are still challenges and research gaps.

IEEE ACCESS (2023)

Add to Collection

Article Computer Science, Hardware & Architecture

Understanding Internet of Things malware by analyzing endpoints in their static artifacts

Jinchun Choi, Afsah Anwar, Abdulrahman Alabduljabbar, Hisham Alasmary, Jeffrey Spaulding, An Wang, Songqing Chen, DaeHun Nyang, Amro Awad, David Mohaisen

Summary: This paper analyzes IoT malware and focuses on endpoints reachable on the public Internet, revealing patterns of affinity between sources and targets of attacks and the exposure of attacks by Internet infrastructure. This investigation provides profound insights into the role of endpoints in IoT malware attacks, deepening our understanding of IoT malware ecosystems and aiding future defenses.

COMPUTER NETWORKS (2022)

Add to Collection

Article Computer Science, Information Systems

Auditing static machine learning anti-Malware tools against metamorphic attacks

Daniel Gibert, Carles Mateu, Jordi Planes, Joao Marques-Silva

Summary: Malicious software poses a serious threat on the internet, with traditional detection methods struggling to keep up. Machine learning and deep learning engines have shown promise in handling complex malware and new variants effectively. Further research is needed to improve classification performance and vulnerabilities to adversarial examples.

COMPUTERS & SECURITY (2021)

Add to Collection

Article Automation & Control Systems

Optimal Unification of Static and Dynamic Features for Smartphone Security Analysis

Sumit Kumar, S. Indu, Gurjit Singh Walia

Summary: An optimal solution for the unification of static and dynamic features in Android smartphones is proposed to detect malicious applications. Experimental results show that the suggested solution outperforms existing methods.

INTELLIGENT AUTOMATION AND SOFT COMPUTING (2023)

Add to Collection

Article Computer Science, Artificial Intelligence

PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable

Syed Khurram Jah Rizvi, Warda Aslam, Muhammad Shahzad, Shahzad Saleem, Muhammad Moazam Fraz

Summary: Enterprises are facing challenges in detecting malware through static analysis due to the exponential growth of malware. To address this, machine learning aided static analysis for malware detection has become a focus of research to achieve early stage detection and improve accuracy.

COMPLEX & INTELLIGENT SYSTEMS (2022)

Add to Collection

Article Computer Science, Software Engineering

RAPSAMS: Robust affinity propagation clustering on static android malware stream

Matin Katebi, Afshin RezaKhani, Saba Joudaki, Mohammad Ebrahim Shiri

Summary: This article proposes RAPSAMS, a method that extends affinity propagation clustering to robustly cluster malware streams. The approach uses AP for clustering samples and introduces adversarial examples to attack the clustering algorithm and create a robust defense. The proposed method addresses the challenges of finding appropriate representations for clustering and managing patterns with different distributions. Experimental results demonstrate the adaptability and effectiveness of the proposed methods. AP clustering is shown to be robust against label flipping attacks.

CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE (2022)

Add to Collection

Article Engineering, Civil

Comparative Analysis of Vehicle-Based and Driver-Based Features for Driver Drowsiness Monitoring by Support Vector Machines

Mohamed Hedi Baccour, Frauke Driewer, Tim Schaeck, Enkelejda Kasneci

Summary: Driver drowsiness poses a significant threat to road safety. This study compares the performance of indirect and direct driver monitoring systems (DMSs) in detecting drowsiness. The direct DMS, utilizing a driver monitoring camera, outperforms the indirect DMS, which uses vehicle-based features, achieving a balanced accuracy of 87.1% compared to 77.9%. The hybrid DMS, combining vehicle-based and driver-based features, achieves a slightly higher balanced accuracy of 87.7%. This work emphasizes the importance of developing and using direct or hybrid DMSs to enhance road safety.

IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS (2022)

Add to Collection

Article Computer Science, Information Systems

Malware Analysis in IoT & Android Systems with Defensive Mechanism

Chandra Shekhar Yadav, Jagendra Singh, Aruna Yadav, Himansu Sekhar Pattanayak, Ravindra Kumar, Arfat Ahmad Khan, Mohd Anul Haq, Ahmed Alhussen, Sultan Alharby

Summary: The Internet of Things (IoT) and Android operating system have made advanced technology accessible to the general public. This article provides a comprehensive study of the IoT and Android systems, including different attack classifications and mitigation strategies. It highlights the importance of secure application design and explores malware detection methods. This study expands the understanding of application-hardening strategies and aims to help experts and researchers design more efficient and robust solutions. It also discusses attack vectors and mitigation strategies for developers and the open domain.

ELECTRONICS (2022)

Add to Collection

Article Computer Science, Software Engineering

A composite-metric based path selection technique for the Tor anonymity network

Sadegh Momeni Milajerdi, Mehdi Kharrazi

JOURNAL OF SYSTEMS AND SOFTWARE (2015)

Add to Collection

Article Computer Science, Interdisciplinary Applications

Partov: a network simulation and emulation tool

B. Momeni, M. Kharrazi

JOURNAL OF SIMULATION (2016)

Add to Collection

Article Education, Scientific Disciplines

Improving a Computer Networks Course Using the Partov Simulation Engine

Behnam Momeni, Mehdi Kharrazi

IEEE TRANSACTIONS ON EDUCATION (2012)

Add to Collection

Article Computer Science, Theory & Methods

Payload Attribution via Character Dependent Multi-Bloom Filters

Mohammad Hashem Haghighat, Mehdi Tavakoli, Mehdi Kharrazi

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (2013)

Add to Collection

Article Computer Science, Software Engineering

LDMBL: An architecture for reducing code duplication in heavyweight binary instrumentations

Behnam Momeni, Mehdi Kharrazi

SOFTWARE-PRACTICE & EXPERIENCE (2018)

Add to Collection

Article Engineering, Multidisciplinary

Twinner: A framework for automated software deobfuscation

B. Momeni, M. Kharrazi

SCIENTIA IRANICA (2019)

Add to Collection

Article Engineering, Multidisciplinary

Detection of fast-flux botnets through DNS traffic analysis

E. Soltanaghaei, M. Kharrazi

SCIENTIA IRANICA (2015)

Add to Collection

Article Engineering, Electrical & Electronic

Performance study of common image steganography and steganalysis techniques

Mehdi Kharrazi, Husrev T. Sencar, Nasir Mernon

JOURNAL OF ELECTRONIC IMAGING (2006)

Add to Collection

Article Engineering, Electrical & Electronic

Image steganalysis with binary similarity measures

I Avcibas, M Kharrazi, N Memon, B Sankur

EURASIP JOURNAL ON APPLIED SIGNAL PROCESSING (2005)

Add to Collection

No Data Available

© Peeref 2019-2024. All rights reserved.