Sharif Digital Repository

During recent decade huge number of new malware samples and their complexity have caused challenges to malware detection procedure. additionally the use of kernel level rootkit has been grew up. while rootkits usually defeat current security products which are cheifly relied on Operating system for gathering information and also running, existing nti-rootkit solutions can not cover all kinds of rootkits.In this work we have studied the problem of kernel-level rootkits in Windows operating system. we believe that focusing on kernel drivers features, will result in an overall view needs for monitoring kernel activity of the rootkits. Thus with regards to proves for lower volume of obfuscation...