2011
DOI: 10.1109/tdsc.2010.38

Detecting Kernel-Level Rootkits Using Data Structure Invariants

Cited by 65 publications (38 citation statements)
References 25 publications
“…Perhaps the research work most relevant to the proposed approach was presented in [31]. Gibraltar by Baliga et al. takes advantage of data structure invariant inference by generating a graph of kernel objects in memory and then deriving constraints over the object data.…”
Section: Discussion (mentioning)
confidence: 99%
“…In a study of the research literature, one of the major methods of malware detection that has emerged over the years is Linux memory forensics [1] [2]. A number of authors have described novel detection systems using memory forensics, or using kernel data structure invariants as a reference frame to identify rootkit intrusions [3] [4]. The goal of this test technology is to facilitate threat assessment of malware, to understand its goals, and to degrade its impact on the compromised systems [5].…”
Section: Introduction (mentioning)
confidence: 99%
“…The work in [5,6] is also used to detect kernel rootkits. The work in [5] monitors invariants in control flow transfers and constant relationships in the data of uncontrolled flow.…”
Section: Introduction (mentioning)
confidence: 99%
“…The work in [5] monitors invariants in control flow transfers and constant relationships in the data of uncontrolled flow. The work in [6] adopts the Daikon tool to deduce invariants from data structures extracted from memory pages and monitors these invariants to determine the state of the kernel.…”
Section: Introduction (mentioning)
confidence: 99%
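The citation statements above describe the same mechanism from two angles: a graph of kernel objects whose data fields are constrained by inferred invariants, and Daikon-style invariants deduced from memory snapshots and then monitored for violations. The following Python example is added here to make that concrete; it is not code from Gibraltar, Daikon or any of the citing papers. Every snapshot, field name, address and PID in it is constructed, and the "object graph" is flattened to named fields rather than walked from typed kernel objects in a memory image.

```python
"""Toy Gibraltar-style detector: infer invariants over kernel-object snapshots
taken from a clean system, then flag a later snapshot that violates them.
All data here is constructed; field names, addresses and PIDs are made up."""
from typing import Dict, FrozenSet, List, Tuple, Union

Value = Union[int, FrozenSet[int]]
Snapshot = Dict[str, Value]
Invariant = Tuple  # ("const", field, value) | ("range", field, lo, hi) | ("subset", a, b)


def make_snapshot(sys_call_table: List[int], tasks_list: List[int],
                  pid_hash: List[int], load_avg: int) -> Snapshot:
    """Flatten a (constructed) kernel object graph into named fields.
    A real tool would walk typed objects from kernel symbols in a memory image;
    here the syscall table, the task list and the PID hash table are given."""
    snap: Snapshot = {}
    for i, addr in enumerate(sys_call_table):
        snap[f"sys_call_table[{i}]"] = addr          # function pointers
    snap["tasks_list.pids"] = frozenset(tasks_list)  # walk of the all-tasks list
    snap["pid_hash.pids"] = frozenset(pid_hash)      # walk of the PID hash table
    snap["avenrun[0]"] = load_avg                    # a legitimately changing scalar
    return snap


def infer_invariants(training: List[Snapshot]) -> List[Invariant]:
    """Daikon-style templates over the training snapshots:
    a scalar that never changes is 'const', otherwise its observed 'range';
    a set field always contained in another set field yields 'subset'."""
    fields = sorted(training[0])
    scalars = [f for f in fields if isinstance(training[0][f], int)]
    sets = [f for f in fields if isinstance(training[0][f], frozenset)]
    invs: List[Invariant] = []
    for f in scalars:
        vals = [s[f] for s in training]
        if len(set(vals)) == 1:
            invs.append(("const", f, vals[0]))
        else:
            invs.append(("range", f, min(vals), max(vals)))
    for a in sets:
        for b in sets:
            if a != b and all(s[a] <= s[b] for s in training):
                invs.append(("subset", a, b))
    return invs


def check_snapshot(invs: List[Invariant], snap: Snapshot) -> List[str]:
    """Return one message per violated invariant (empty list means clean)."""
    violations: List[str] = []
    for inv in invs:
        kind, f = inv[0], inv[1]
        if kind == "const" and snap[f] != inv[2]:
            violations.append(f"{f}: expected constant {inv[2]:#x}, found {snap[f]:#x}")
        elif kind == "range" and not inv[2] <= snap[f] <= inv[3]:
            violations.append(f"{f}: {snap[f]} outside observed range [{inv[2]}, {inv[3]}]")
        elif kind == "subset":
            missing = snap[f] - snap[inv[2]]
            if missing:
                violations.append(f"{f} not a subset of {inv[2]}: {sorted(missing)} missing")
    return violations


# Constructed clean syscall table (addresses inside a made-up kernel .text).
CLEAN_SCT = [0xffffffff81001000, 0xffffffff81001230, 0xffffffff81001460]

# Three constructed training snapshots: processes come and go and load varies,
# but the syscall table is fixed and both process views always agree.
TRAINING = [
    make_snapshot(CLEAN_SCT, [1, 2, 100], [1, 2, 100], 45),
    make_snapshot(CLEAN_SCT, [1, 2, 100, 205], [1, 2, 100, 205], 120),
    make_snapshot(CLEAN_SCT, [1, 2, 310], [1, 2, 310], 80),
]

# Constructed post-infection snapshot: entry 1 of the syscall table now points
# into a module region (hook), and PID 1337 was unlinked from the task list
# (DKOM hiding) while it still sits in the PID hash so it keeps being scheduled.
ROOTKIT_SNAPSHOT = make_snapshot(
    [CLEAN_SCT[0], 0xffffffffc0001000, CLEAN_SCT[2]],
    [1, 2, 400], [1, 2, 400, 1337], 90)


if __name__ == "__main__":
    invariants = infer_invariants(TRAINING)
    for msg in check_snapshot(invariants, ROOTKIT_SNAPSHOT):
        print("VIOLATION:", msg)
```

Two points the example makes that the statements alone do not: the hidden process is caught by a relational invariant between two views of the same object set, not by inspecting any single object, which is why unlinking from one list is visible; and the `range` template is the weak spot of inference-based detection. A clean snapshot taken under a load higher than anything seen during training is reported as a violation, so in practice such invariants need either a long training period or a filter that drops templates over fields known to vary.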