
Detection of Hidden Processes Caused by Volatile Kernel Rootkits in Cloud Environments

Dr. Harish Joshi, Prof. Ashok Bawge, Prof. Uzma Kausar, Sarvesh, Syed Subhan Hussain

Abstract


Rootkit development has evolved over the past decade: attackers now prefer to plant backdoors for repeated exploitation rather than carry out traditional one-time attacks. As intrusion detection technology has advanced, the demand for stealthy rootkits that conceal their presence by modifying processes and files has grown, and identifying such mutated rootkits is challenging. To address this, we propose the VKRHPDV (Volatile Kernel Rootkit Hidden Process Detection) framework, which combines process monitoring, comparison analysis, and data gathering to detect hidden processes and to distinguish clean processes from those infected by rootkits. Performance analysis on 64 rootkit datasets across UNIX and Windows kernels in a cloud environment showed that VKRHPDV identifies process-hiding behaviour quickly.
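The comparison step the abstract describes rests on a general idea: a kernel rootkit that unlinks a task from the process list makes it disappear from enumeration, but the task still exists and still answers direct, PID-addressed queries, so two independent views of the process table disagree. The following Python script is an added example of that cross-view technique written for this page; it is not VKRHPDV's code and the paper does not describe its internals. It assumes a Linux /proc filesystem for the live scan and uses constructed process views (PID 4242 missing from the listing) for the offline demonstration. Thread IDs and the race between the two views are handled because both produce false positives in practice.

```python
"""Cross-view hidden-process detection (added example, not VKRHPDV's own code).

Listed view:  PIDs and thread IDs visible through readdir() on /proc.
Probed view:  every PID in 1..pid_max that answers kill(pid, 0).
A PID alive in the probed view but absent from the listed view is hidden.
"""
import os


def cross_view_hidden(listed, probed):
    """Return PIDs the probe confirms alive but the listing omitted."""
    return sorted(set(probed) - set(listed))


def pid_alive(pid):
    """Probe a PID with signal 0 (nothing is delivered).

    ProcessLookupError -> no such task.
    PermissionError    -> task exists but belongs to another user.
    success            -> task exists and is ours.
    """
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def list_proc_ids(proc="/proc"):
    """Listed view: all PIDs plus the thread IDs under /proc/<pid>/task.

    kill(tid, 0) succeeds for a thread although threads are not top-level
    /proc entries; without collecting TIDs every multithreaded program would
    be reported as a hidden process.
    """
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        task_dir = os.path.join(proc, name, "task")
        try:
            ids.update(int(t) for t in os.listdir(task_dir) if t.isdigit())
        except OSError:
            pass  # process exited between the two readdir calls
    return ids


def probe_pid_range(max_pid, alive=pid_alive):
    """Probed view: brute-force every PID in 1..max_pid with `alive`."""
    return {pid for pid in range(1, max_pid + 1) if alive(pid)}


def scan_linux(max_pid=None, rounds=2):
    """Live scan on Linux: keep only PIDs hidden in every round.

    A process spawned between taking the listed view and the probed view
    shows up as a one-off false positive; intersecting several rounds
    removes it while a persistently hidden task survives.
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    hits = None
    for _ in range(rounds):
        found = set(cross_view_hidden(list_proc_ids(), probe_pid_range(max_pid)))
        hits = found if hits is None else hits & found
    return sorted(hits)


def detect_constructed():
    """Offline demonstration on constructed data (no real rootkit involved).

    The listing omits PID 4242, as a process-hiding rootkit would make it,
    while the probe still sees it alive.
    """
    listed_view = {1, 2, 100, 101}          # constructed /proc listing
    truly_alive = {1, 2, 100, 101, 4242}    # constructed ground truth
    probed_view = probe_pid_range(5000, alive=lambda p: p in truly_alive)
    return cross_view_hidden(listed_view, probed_view)


if __name__ == "__main__":
    print("constructed views, hidden PIDs:", detect_constructed())
    if os.path.isdir("/proc"):
        print("live /proc, hidden PIDs:", scan_linux())
```

Run it directly to see the constructed case report PID 4242 and, on Linux, a live comparison of /proc against a signal-0 sweep. The sweep is a user-space approximation of the abstract's comparison step: a rootkit that also hooks the kill syscall can defeat it, which is why kernel- or hypervisor-level views (as in the cited VM introspection work) are the stronger second view.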



