Combating Kernel Rootkits on Linux Version 2.6 (Analysis of Rootkit Prevention, Detection and Correction)

T.J. Anande, T.K. Genger, J.U. Abasiene. Published in Security

International Journal of Applied Information Systems
Year of Publication: 2016
Publisher: Foundation of Computer Science (FCS), NY, USA
Authors: T.J. Anande, T.K. Genger, J.U. Abasiene
DOI: 10.5120/ijais2016451540
  1. T J Anande, T K Genger and J U Abasiene. Article: Combating Kernel Rootkits on Linux Version 2.6 (Analysis of Rootkit Prevention, Detection and Correction). International Journal of Applied Information Systems 10(8):1-10, April 2016.

    @article{key:article,
        author = "T.J. Anande and T.K. Genger and J.U. Abasiene",
        title = "Article: Combating Kernel Rootkits on Linux Version 2.6 (Analysis of Rootkit Prevention, Detection and Correction)",
        journal = "International Journal of Applied Information Systems",
        year = 2016,
        volume = 10,
        number = 8,
        pages = "1-10",
        month = "April",
        note = "Published by Foundation of Computer Science (FCS), NY, USA"
    }

Abstract

Rootkits are a major security concern for smartphones today. They have always been around, though largely operating on desktops and PCs. On the mobile platform, their presence was not widespread until the advent of smartphones and advanced mobile devices. The rapid developments and trends recorded on smartphones today make them highly vulnerable to rootkit attacks. Smartphone operating systems are now highly sophisticated and packaged with advanced functionality to keep records of users' diaries, sensitive personal and security details, among other things. These features make them a prime target for rootkit authors, who explore every available avenue to exploit and extract this information for malicious purposes. Cases of rootkit attacks have continued to increase, with more such attacks targeted at popular smartphone operating systems like Android. In this research, we discuss rootkits, illustrating their architecture and operation with a design of a kernel rootkit for the Linux kernel 2.6. We explore possible measures to combat rootkits on the mobile platform, using Android as a case study.

Keywords

Linux, Smartphone, Kernel, Kernel Freeze, Backdoor