Research and Development of Rootkit
Author(s): ZHANG Yu, LIU Qing-zhong, LI Tao, LUO Zi-qiang, WU Li-hua, Department of Computer Science, Hainan Normal University, Department of Computer Science, Sam Houston State University, College of Computer Science, Sichuan University
Pages: 563-578
Year: 2015
Issue: 4
Journal: Journal of University of Electronic Science and Technology of China
Keywords: evasion attack; forensic analysis; malware; network security; rootkit
Abstract: A Rootkit is a set of programs that allows a permanent or consistent, undetectable presence on network systems. A Rootkit can pose a serious network security threat, since it provides attackers with stealth access and software eavesdropping by modifying operating system kernel data or changing the instruction execution path. First, the basic definition and evolution of Windows Rootkits are introduced, and the Rootkit mechanism and the Windows system kernel components are then analyzed. Thereafter, we discuss Rootkit defense mechanisms and detection methods. We conclude with a prediction of the trends and further research directions of Rootkits and their defense.