Loading...
| Friend's email | |
| Your name | |
| Your email | |
| enter code | |
This page was sent successfuly
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 45513 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Kharrazi, Mehdi
- Abstract:
- During recent decade huge number of new malware samples and their complexity have caused challenges to malware detection procedure. additionally the use of kernel level rootkit has been grew up. while rootkits usually defeat current security products which are cheifly relied on Operating system for gathering information and also running, existing nti-rootkit solutions can not cover all kinds of rootkits.In this work we have studied the problem of kernel-level rootkits in Windows operating system. we believe that focusing on kernel drivers features, will result in an overall view needs for monitoring kernel activity of the rootkits. Thus with regards to proves for lower volume of obfuscation in kernel modules and distrust assumption to existing OS of the rootkit, static approach is chosen to test the power of this kind of light weight analysis in detection procedure. Thus we have defined 50 static features to classify malicious drivers from the legitimate ones. The features do not consider just malicious behaviours, but either benign and suspected behaviours too. Evaluation of our work on a dataset of 2200 rootkit kernel modules against 2220 several legitimate drivers (consisting those can cause false positive in detection) shows above 94% accuracy by C5 tree classification method, which the induced rules are relatively consistent with found behavioral trends
- Keywords:
- Malwares ; Operating System ; Detection ; Kernel-Level Driver ; Antimalware
Digital Object List
محتواي کتاب
Bookmark