Abstract
Contemporary malware authors try many ways to make their products “invisible” to anti-malware programs and, after infection, to deeply conceal their operation from the user's sight. Concealed malware can be detected in many ways, but most of them operate “on demand” and impose a heavy scanning load on the system, blocking normal user operation while they run. The paper presents a new method of rootkit operation detection, suitable for continuous operation, based on comparing the pictures of network activity seen from two sources (internal and external to the system), along with the results of testing the method on virtual machines infected with selected rootkit code samples.
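The two-vantage-point comparison the abstract describes, as an added illustrative example (not code from the paper): flows seen on the wire by an external sensor but missing from the host's own connection table are flagged as candidates for concealed communication. All addresses, flow records, the host-perspective normalization and the time-overlap check are constructed assumptions.

```python
"""Cross-view network activity comparison (constructed example)."""
from typing import NamedTuple

class ExtFlow(NamedTuple):
    """One flow record as an external sensor on the wire would report it."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    start: float  # first packet time (constructed, seconds)
    end: float    # last packet time (constructed, seconds)

HOST_IP = "192.0.2.10"   # constructed address of the monitored host
SNAPSHOT_TIME = 120.0    # constructed time at which the host-side view was taken

# Internal view: what the host itself reports, as (proto, local_port, remote_ip, remote_port).
INTERNAL_VIEW = [("tcp", 49152, "198.51.100.5", 443), ("udp", 53001, "192.0.2.1", 53)]

# External view: constructed flow records captured on the host's network segment.
EXTERNAL_VIEW = [
    ExtFlow("tcp", "192.0.2.10", 49152, "198.51.100.5", 443, 100.0, 130.0),  # visible on both sides
    ExtFlow("udp", "192.0.2.10", 53001, "192.0.2.1", 53, 110.0, 125.0),      # visible on both sides
    ExtFlow("tcp", "192.0.2.10", 40001, "203.0.113.7", 6667, 90.0, 140.0),   # outbound, hidden from host
    ExtFlow("tcp", "203.0.113.8", 51000, "192.0.2.10", 8080, 95.0, 150.0),   # inbound, hidden from host
    ExtFlow("tcp", "192.0.2.10", 40002, "198.51.100.9", 80, 60.0, 70.0),     # ended before the snapshot
    ExtFlow("udp", "192.0.2.99", 5353, "224.0.0.251", 5353, 100.0, 130.0),   # another host's traffic
]

def normalize(flow, host_ip):
    """Re-orient an on-wire flow to the host's (local_port, remote_ip, remote_port) view."""
    if flow.src == host_ip:
        return (flow.proto, flow.sport, flow.dst, flow.dport)
    if flow.dst == host_ip:
        return (flow.proto, flow.dport, flow.src, flow.sport)
    return None  # not this host's traffic; the sensor also sees neighbours' packets

def hidden_flows(internal, external, host_ip, snapshot_time):
    """Return flows active at snapshot_time that the host's own view does not show."""
    internal_set = set(internal)
    suspects = []
    for flow in external:
        # A flow not active when the host snapshot was taken cannot be expected
        # in that snapshot, so its absence is not evidence of concealment.
        if not (flow.start <= snapshot_time <= flow.end):
            continue
        local_view = normalize(flow, host_ip)
        if local_view is not None and local_view not in internal_set:
            suspects.append(local_view)
    return suspects

if __name__ == "__main__":
    for s in hidden_flows(INTERNAL_VIEW, EXTERNAL_VIEW, HOST_IP, SNAPSHOT_TIME):
        print("external-only flow:", s)
```

Short-lived flows that start and end between two host snapshots are still missed by a single comparison, which is why the method is meant to run continuously rather than once.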
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Skrzewski, M. (2013). Monitoring System’s Network Activity for Rootkit Malware Detection. In: Kwiecień, A., Gaj, P., Stera, P. (eds) Computer Networks. CN 2013. Communications in Computer and Information Science, vol 370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38865-1_17
DOI: https://doi.org/10.1007/978-3-642-38865-1_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38864-4
Online ISBN: 978-3-642-38865-1
eBook Packages: Computer Science (R0)