Abstract
Attacks on computer systems have become more frequent in recent years. Attacks using kernel rootkits pose a particularly serious threat. When a computer system is infected with a kernel rootkit, detecting the attack is difficult. As a result, the response to the attack is delayed, which increases the damage done to the computer system. This paper proposes a new method to detect kernel rootkits by monitoring branch records in kernel space using hardware features of commodity processors. Our method utilizes the fact that many kernel rootkits make branches that differ from the usual branches. By introducing our method, it is possible to detect kernel rootkits immediately and thereby reduce damage to a minimum.
Original language | English |
---|---|
Title of host publication | Proceedings - 2015 IIAI 4th International Congress on Advanced Applied Informatics, IIAI-AAI 2015 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 721-722 |
Number of pages | 2 |
ISBN (Print) | 9781479999583 |
Publication status | Published - Jan 6 2016 |
Event | 4th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2015 - Okayama, Japan. Duration: Jul 12 2015 → Jul 16 2015 |
Other
Other | 4th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2015 |
---|---|
Country/Territory | Japan |
City | Okayama |
Period | 7/12/15 → 7/16/15 |
Keywords
- kernel rootkit
- last branch record
- security
ASJC Scopus subject areas
- Information Systems
- Computer Networks and Communications
- Computer Science Applications
- Computer Vision and Pattern Recognition