KRGuard: Kernel Rootkits Detection Method by Monitoring Branches Using Hardware Features

Yohei Akao, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Attacks on an operating system kernel using kernel rootkits pose a particularly serious threat. Detecting an attack is difficult when the operating system kernel is infected with a kernel rootkit. For this reason, handling an attack will be delayed causing an increase in the amount of damage done to a computer system. In this paper, we discuss KRGuard (Kernel Rootkits Guard), which is a new method to detect kernel rootkits that monitors branch records in the kernel space. Since many kernel rootkits make branches that differ from the usual branches in the kernel space, KRGuard can detect these differences by using hardware features of commodity processors. Our evaluation shows that KRGuard can detect kernel rootkits with small overhead.

Original languageEnglish
Title of host publicationICISS 2016 - 2016 International Conference on Information Science and Security
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781509054930
DOIs
Publication statusPublished - Mar 23 2017
Event3rd International Conference on Information Science and Security, ICISS 2016 - Pattaya, Thailand
Duration: Dec 19 2016Dec 22 2016

Other

Other3rd International Conference on Information Science and Security, ICISS 2016
CountryThailand
CityPattaya
Period12/19/1612/22/16

    Fingerprint

Keywords

  • Kernel rootkit
  • Last branch record
  • Operating system
  • Security

ASJC Scopus subject areas

  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

Akao, Y., & Yamauchi, T. (2017). KRGuard: Kernel Rootkits Detection Method by Monitoring Branches Using Hardware Features. In ICISS 2016 - 2016 International Conference on Information Science and Security [7885860] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICISSEC.2016.7885860