Journal: 2021 7th International Conference on Engineering and Emerging Technologies (ICEET 2021)
Pages: 357-362
Publisher: IEEE
DOI: 10.1109/ICEET53442.2021.9659710
Keywords: kernel-level rootkit; kernel rootkit detection; machine learning; stealth malware; detection review
The kernel is the core part of a computer operating system, and kernel-level rootkits present a significant security threat by hiding their presence and malicious activities. Detection systems based on learning are effective in automatically detecting both known and unknown attacks.
The kernel is the core part of a computer operating system and plays a central role in managing computer resources. One of the most elusive types of malware in recent times, and one that poses a significant security threat to the operating system kernel, is the kernel-level rootkit. A kernel-level rootkit can hide its presence and malicious activities by modifying the kernel control flow, by hooking in kernel space, or by manipulating kernel objects. Because a kernel-level rootkit modifies the kernel itself, user-level security tools have difficulty detecting it. In the past few years, researchers have proposed and experimented with many detection systems aimed at the evolving kernel-level rootkit. Learning-based detection is an effective approach for automatically detecting both known and unknown attacks with high accuracy. In this paper, we review the prior learning-based approaches in the literature that detect kernel-level rootkits. We also discuss the strengths and weaknesses of these prior learning-based detection approaches against the kernel-level rootkit. The paper ends with open issues, challenges, and future research directions for kernel-level rootkit detection.