Rootkit detection through phase-space analysis of system call timing and power data.
Record Type: Electronic resources : Monograph/item
Title/Author: Rootkit detection through phase-space analysis of system call timing and power data.
Author: Dawson, Joel.
Published: Ann Arbor : ProQuest Dissertations & Theses, 2017
Description: 125 p.
Notes: Source: Masters Abstracts International, Volume: 78-10.
Contained By: Masters Abstracts International 78-10.
Subject: Applied Mathematics.
Online resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10267772
ISBN: 9781369716993
Thesis (M.S.)--University of South Alabama, 2017.
This item must not be sold to any third party vendors.
Rootkits are powerful pieces of malicious software that have grown in popularity with cybercriminals and nation-state actors. These programs threaten a system by acquiring administrator privilege and then evading detection or removal through active and passive stealth tactics. This research proposes an anomaly-based system to detect rootkit infection through an analysis of system call timing and power measurement traces. Our algorithm uses phase-space graphs which reconstruct the dynamics of the computer system from time-delay embedding of the original time-series data. We analyze the effectiveness of this approach using measurements from a host infected with the KBeast rootkit. Our experimental methodology answers two key questions: whether timing data collected at the hypervisor level is useful for rootkit detection compared to data collected via kernel-level modules and whether low-frequency power data can be used as a determining feature for the presence of rootkits themselves. Our results indicate that, at least for the KBeast rootkit, both questions are answered positively. Broader interpretation of the results may lead us to conclude that such techniques would also be effective for detecting other rootkits that hook system calls in the same manner that KBeast does.
ISBN: 9781369716993
Subjects--Topical Terms: 1669109 Applied Mathematics.
Subjects--Index Terms: Anomaly detection
LDR :02587nmm a2200409 4500
001 2270817
005 20201007134021.5
008 220629s2017 ||||||||||||||||| ||eng d
020 $a 9781369716993
035 $a (MiAaPQ)AAI10267772
035 $a (MiAaPQ)southalabama:10490
035 $a AAI10267772
040 $a MiAaPQ $c MiAaPQ
100 1 $a Dawson, Joel. $3 3548194
245 1 0 $a Rootkit detection through phase-space analysis of system call timing and power data.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2017
300 $a 125 p.
500 $a Source: Masters Abstracts International, Volume: 78-10.
500 $a Publisher info.: Dissertation/Thesis.
500 $a Advisor: McDonald, Jeffrey T.
502 $a Thesis (M.S.)--University of South Alabama, 2017.
506 $a This item must not be sold to any third party vendors.
590 $a School code: 0491.
650 4 $a Applied Mathematics. $3 1669109
650 4 $a Electrical engineering. $3 649834
650 4 $a Computer science. $3 523869
653 $a Anomaly detection
653 $a Computer security
653 $a Intrusion detection system
653 $a Malware
653 $a Nonlinear mathematics
653 $a Side channel analysis
690 $a 0364
690 $a 0544
690 $a 0984
710 2 $a University of South Alabama. $b School of Computer and Information Science. $3 3183176
773 0 $t Masters Abstracts International $g 78-10.
790 $a 0491
791 $a M.S.
792 $a 2017
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10267772
Inventory Number: W9423051
Location Name: Electronic resources
Item Class: 11. Online viewing_V
Material type: E-book
Call number: EB
Usage Class: Normal
Loan Status: On shelf
No. of reservations: 0