Proposal of Kernel Rootkits Detection Method by Monitoring Branches Using Hardware Features

Yohei Akao, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Attacks on computer systems have become more frequent in recent years, and attacks using kernel rootkits pose a particularly serious threat. Once a system is infected with a kernel rootkit, detecting the attack is difficult; the response is therefore delayed and the damage to the system grows. This paper proposes a new method for detecting kernel rootkits by monitoring the branch records in kernel space using hardware features of commodity processors. The method exploits the fact that many kernel rootkits execute branches that differ from the usual branches. With this method, kernel rootkits can be detected immediately and the damage kept to a minimum.
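The detection idea in the abstract, as an added illustration rather than the authors' code: a C simulation that checks a snapshot of Last Branch Record (LBR) entries against a map of known kernel code ranges and a baseline of branches recorded on a clean system. Everything concrete here is constructed: the address ranges, the SYSCALL_DISPATCH site, the baseline targets and the sample snapshot. On real hardware the entries are read from the MSR_LASTBRANCH_n_FROM_IP / MSR_LASTBRANCH_n_TO_IP registers inside the kernel, and the paper does not state its exact decision rule, so the two checks below (target outside any known code range; monitored site branching to a target never seen in the baseline) are one plausible reading of "branches that differ from the usual branches".

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One LBR entry: source and target instruction pointers. On Intel hardware these
 * come from the MSR_LASTBRANCH_n_FROM_IP / MSR_LASTBRANCH_n_TO_IP pair; the values
 * used in this example are constructed. */
typedef struct {
    uint64_t from;
    uint64_t to;
} lbr_entry;

typedef struct {
    uint64_t start;   /* inclusive */
    uint64_t end;     /* exclusive */
} addr_range;

/* Constructed map of where kernel code may legitimately live: the core kernel
 * .text plus the region where the boot-time set of modules was loaded. */
static const addr_range known_code[] = {
    { 0xffffffff81000000ULL, 0xffffffff81a00000ULL },
    { 0xffffffffc0000000ULL, 0xffffffffc0100000ULL },
};

/* Constructed baseline of "usual" branches recorded on a clean system.
 * SYSCALL_DISPATCH stands for the indirect call in the system call entry path;
 * on a clean kernel its targets are the real handlers. */
#define SYSCALL_DISPATCH 0xffffffff81003a40ULL
static const lbr_entry baseline[] = {
    { SYSCALL_DISPATCH, 0xffffffff81200100ULL },  /* sys_read       */
    { SYSCALL_DISPATCH, 0xffffffff81210200ULL },  /* sys_getdents64 */
};

enum verdict {
    BR_OK = 0,
    BR_TARGET_OUTSIDE_CODE = 1,  /* branch lands outside every known code range */
    BR_UNUSUAL_TARGET = 2        /* monitored site branched somewhere never seen */
};

static int in_known_code(uint64_t addr)
{
    size_t i;
    for (i = 0; i < sizeof known_code / sizeof known_code[0]; i++)
        if (addr >= known_code[i].start && addr < known_code[i].end)
            return 1;
    return 0;
}

/* Apply both checks to a single branch record. */
int classify_branch(const lbr_entry *e)
{
    size_t i;
    int site_monitored = 0;

    if (!in_known_code(e->to))
        return BR_TARGET_OUTSIDE_CODE;

    for (i = 0; i < sizeof baseline / sizeof baseline[0]; i++) {
        if (baseline[i].from != e->from)
            continue;
        site_monitored = 1;
        if (baseline[i].to == e->to)
            return BR_OK;
    }
    /* A site with no baseline entry is simply not monitored. */
    return site_monitored ? BR_UNUSUAL_TARGET : BR_OK;
}

/* Classify every entry of an LBR snapshot; returns how many were flagged. */
int scan_lbr(const lbr_entry *stack, size_t n, int *verdicts)
{
    size_t i;
    int flagged = 0;
    for (i = 0; i < n; i++) {
        verdicts[i] = classify_branch(&stack[i]);
        if (verdicts[i] != BR_OK)
            flagged++;
    }
    return flagged;
}

/* Constructed LBR snapshot taken after a hypothetical rootkit has replaced the
 * sys_getdents64 entry in the syscall table (a classic file-hiding hook). */
const lbr_entry sample_lbr[] = {
    { SYSCALL_DISPATCH,      0xffffffff81200100ULL }, /* normal sys_read          */
    { SYSCALL_DISPATCH,      0xffffffff81210200ULL }, /* normal sys_getdents64    */
    { SYSCALL_DISPATCH,      0xffffffffc0a00000ULL }, /* hook outside known code  */
    { SYSCALL_DISPATCH,      0xffffffffc0050000ULL }, /* hook inside module area  */
    { 0xffffffff81500000ULL, 0xffffffff81500040ULL }, /* unmonitored kernel branch */
};
#define SAMPLE_LEN (sizeof sample_lbr / sizeof sample_lbr[0])

int main(void)
{
    int verdicts[SAMPLE_LEN];
    int flagged = scan_lbr(sample_lbr, SAMPLE_LEN, verdicts);
    size_t i;
    for (i = 0; i < SAMPLE_LEN; i++)
        printf("%016llx -> %016llx : verdict %d\n",
               (unsigned long long)sample_lbr[i].from,
               (unsigned long long)sample_lbr[i].to, verdicts[i]);
    printf("%d of %zu branches flagged\n", flagged, (size_t)SAMPLE_LEN);
    return 0;
}
```

Two practical caveats follow from the hardware. The LBR stack holds at most a few dozen entries, so a monitor must sample it frequently (for instance on every system call entry) or the evidence is overwritten. And because a kernel rootkit already runs in ring 0, it can in principle disable LBR or clear the MSRs, so the monitor's own placement and integrity are part of the design, not an afterthought. The baseline also has to be refreshed whenever a legitimate module is loaded, or ordinary module code will be reported as unusual targets.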

Original language: English
Title of host publication: Proceedings - 2015 IIAI 4th International Congress on Advanced Applied Informatics, IIAI-AAI 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 721-722
Number of pages: 2
ISBN (Print): 9781479999583
DOI: 10.1109/IIAI-AAI.2015.243
Publication status: Published - Jan 6 2016
Event: 4th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2015 - Okayama, Japan
Duration: Jul 12 2015 - Jul 16 2015

Other

Other: 4th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2015
Country: Japan
City: Okayama
Period: 7/12/15 - 7/16/15

Fingerprint

Computer hardware
Computer systems
Monitoring
Hardware
Malware

Keywords

  • kernel rootkit
  • last branch record
  • security

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Computer Science Applications
  • Computer Vision and Pattern Recognition

Cite this

Akao, Y., & Yamauchi, T. (2016). Proposal of Kernel Rootkits Detection Method by Monitoring Branches Using Hardware Features. In Proceedings - 2015 IIAI 4th International Congress on Advanced Applied Informatics, IIAI-AAI 2015 (pp. 721-722). [7374006] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/IIAI-AAI.2015.243

@inproceedings{5b6c7c01aece4bc1aab94d69e748f9ff,
title = "Proposal of Kernel Rootkits Detection Method by Monitoring Branches Using Hardware Features",
abstract = "Attacks on computer systems have become more frequent in recent years, and attacks using kernel rootkits pose a particularly serious threat. Once a system is infected with a kernel rootkit, detecting the attack is difficult; the response is therefore delayed and the damage to the system grows. This paper proposes a new method for detecting kernel rootkits by monitoring the branch records in kernel space using hardware features of commodity processors. The method exploits the fact that many kernel rootkits execute branches that differ from the usual branches. With this method, kernel rootkits can be detected immediately and the damage kept to a minimum.",
keywords = "kernel rootkit, last branch record, security",
author = "Yohei Akao and Toshihiro Yamauchi",
year = "2016",
month = "1",
day = "6",
doi = "10.1109/IIAI-AAI.2015.243",
language = "English",
isbn = "9781479999583",
pages = "721--722",
booktitle = "Proceedings - 2015 IIAI 4th International Congress on Advanced Applied Informatics, IIAI-AAI 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Proposal of Kernel Rootkits Detection Method by Monitoring Branches Using Hardware Features

AU - Akao, Yohei

AU - Yamauchi, Toshihiro

PY - 2016/1/6

Y1 - 2016/1/6

N2 - Attacks on computer systems have become more frequent in recent years, and attacks using kernel rootkits pose a particularly serious threat. Once a system is infected with a kernel rootkit, detecting the attack is difficult; the response is therefore delayed and the damage to the system grows. This paper proposes a new method for detecting kernel rootkits by monitoring the branch records in kernel space using hardware features of commodity processors. The method exploits the fact that many kernel rootkits execute branches that differ from the usual branches. With this method, kernel rootkits can be detected immediately and the damage kept to a minimum.

AB - Attacks on computer systems have become more frequent in recent years, and attacks using kernel rootkits pose a particularly serious threat. Once a system is infected with a kernel rootkit, detecting the attack is difficult; the response is therefore delayed and the damage to the system grows. This paper proposes a new method for detecting kernel rootkits by monitoring the branch records in kernel space using hardware features of commodity processors. The method exploits the fact that many kernel rootkits execute branches that differ from the usual branches. With this method, kernel rootkits can be detected immediately and the damage kept to a minimum.

KW - kernel rootkit

KW - last branch record

KW - security

UR - http://www.scopus.com/inward/record.url?scp=84964344462&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84964344462&partnerID=8YFLogxK

U2 - 10.1109/IIAI-AAI.2015.243

DO - 10.1109/IIAI-AAI.2015.243

M3 - Conference contribution

AN - SCOPUS:84964344462

SN - 9781479999583

SP - 721

EP - 722

BT - Proceedings - 2015 IIAI 4th International Congress on Advanced Applied Informatics, IIAI-AAI 2015

PB - Institute of Electrical and Electronics Engineers Inc.

ER -