Operating system kernel malware characterization using data-centric approach
Malicious software or malware is any malicious code in software that can be used to compromise computer operations, gather sensitive information, gain access to private computer resources and do any illegitimate action on data, host or networks. In this modern technology, malware is rapidly evolved...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: |
2018
|
Online Access: | http://psasir.upm.edu.my/id/eprint/68910/1/FSKTM%202018%2029%20-%20IR.pdf http://psasir.upm.edu.my/id/eprint/68910/ |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | Malicious software or malware is any malicious code in software that can be used to compromise computer operations, gather sensitive information, gain access to private computer resources and do any illegitimate action on data, host or networks. In this modern technology, malware is rapidly evolved through various stealth techniques to avoid detection. Malware is able to infect and exploit resource from various system platforms. Those evolvements and advanced trick caused code-centric approach becomes less-effective. Especially when the code-centric approach is used to detect OS kernel malware, the approach becomes inflexible as they are good in hiding themselves and cover up their track. Moreover, OS kernel malware also is able to circumvent detection by varying the pattern of code execution. Therefore, this project is proposing a quite brand new approach which is data-centric approach by characterizing the OS kernel malware. This approach tries to detect OS rootkits based on trace pattern found in memory dump content. In order to implement this approach, a Data-Centric OS Kernel Malware Characterization framework is being used. This framework consists of two main components. The first component in this framework is a Dataset of Rootkits Characterization that will create dataset by identifying memory dump content that indicates the trace of rootkits. The second component which is Determine the Rootkits Presence that able to detect rootkits based on signature created on component one. By collecting the benign and malicious sample, an analysis is being done to create the rootkits signature. This approach is able to detect and calculate the percentage of unknown samples. As for future enhancement, it is better to use more benign and malicious sample to be analyzed. This will increase the accuracy of the result and get more valid rootkits signature. |
---|