Analysis of Automated Rootkit Detection Methodologies (Paperback)

The focus of this study was to identify, analyze, compare, and evaluate the effectiveness of rootkit detection methodologies. Specifically, two methodologies were studied in depth. The first is the heuristic of statically analyzing kernel module binaries, which attempts to determine whether or not a software module's behavior is malicious, prior to passing it to the operating system. The second methodology analyzed in this paper, the Strider Ghostbuster framework, compares what a computer system believes to be true (i.e., what modules are visible to the OS) to the absolute "truth," which is determined via low-level system programming. The expected results of this comparison should always be equal, unless a malicious tampering on the system is observed. After comparing the effectiveness of detection methodologies on a set of well-known (and publicly available) rootkits, including a very simple rootkit built by the author, the methodologies are compared and their effectiveness is evaluated.

General

Imprint:	Lap Lambert Academic Publishing
Country of origin:	Germany
Release date:	June 2011
First published:	June 2011
Authors:	Eugene Chuvyrov
Dimensions:	229 x 152 x 7mm (L x W x T)
Format:	Paperback - Trade
Pages:	116
ISBN-13:	978-3-8443-8483-3
Categories:	Books > Computing & IT > Computer hardware & operating systems > Operating systems & graphical user interfaces (GUIs) > General
LSN:	3-8443-8483-9
Barcode:	9783844384833

Is the information for this product incomplete, wrong or inappropriate? Let us know about it.

Does this product have an incorrect or missing image? Send us a new image.

Is this product missing categories? Add more categories.

Review This Product

No reviews yet - be the first to create one!