
Linux Kernel Rootkits

An overview of Linux kernel rootkits, presented by Jinwei Liu and Subhra S. Sarkar for a course taught by Dr. Harold C. Grossman: their history, objectives, features and detection mechanisms, including how rootkits hide files and processes, evade detection, and give an attacker remote control of an infected machine.


Presentation Transcript


  1. Linux Kernel Rootkits Instructor: Dr. Harold C. Grossman Students: Jinwei Liu & Subhra S. Sarkar

  2. Agenda • Introduction • History • Rootkit objectives • Malware classification & Rootkit’s standing • Specific rootkit features • Detection mechanisms • Conclusion

  3. Introduction • What are rootkits? - tools that conceal an attacker's presence on a compromised system - hide files and processes - escape detection by system tools and security software - create backdoors - enable attackers to remotely control infected machines

  4. History • Ken Thompson's compiler backdoor (Reflections on Trusting Trust, 1984) • Brain virus in 1986 • Lane Davis & Steven Dake's rootkit for SunOS (1990) • Sony BMG copy-protection rootkit (2005) • Greek wiretapping case (2004–2005) • Carrier IQ rootkit on smartphone devices (2011)

  5. Rootkit Objectives Based on the analysis of Nick Petroni and Michael Hicks (CCS 2007), the objectives of each rootkit fall into one or more of the following categories: • HID: hide (files, processes, network connections, the rootkit itself) • PE: privilege escalation • REE: re-entry (a backdoor for returning to the machine) • REC: reconnaissance (keystroke logging, sniffing, credential theft) • NEU: neutralize (disable or subvert security software)

  6. Malware Classification The following classification was suggested by Joanna Rutkowska at Black Hat 2006: • Type 0 malware: does not modify the operating system at all (ordinary user-space malware) • Type I malware: modifies resources that should stay constant, such as kernel code or the system-call table (classic hooking rootkits) • Type II malware: modifies only dynamic kernel data, e.g. unlinking a process from the task list (DKOM) • Type III malware: runs outside the operating system, e.g. in a thin hypervisor, and leaves it untouched. Most Linux kernel rootkits are Type I or Type II.

  7. Rootkit Features Common rootkit features are: • File hiding • Process hiding • Socket hiding (network connections) • Backdoor creation • Auto-start after reboot (persistence) • Sophisticated layers of obfuscation • Keystroke logging
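The file hiding listed on slides 3 and 7 is usually implemented by hooking the getdents64 system call: the rootkit lets the real handler fill the caller's buffer with directory records, then splices out every record whose name carries a magic prefix before the buffer reaches user space. The block below is an added example written for this page, not code from the slides or from any particular rootkit. It reproduces that record-splicing step over a directory buffer constructed in user space (using a struct with the same layout as the kernel's linux_dirent64) so the logic can be run and tested without kernel headers; the prefix "rk_" and the sample file names are assumptions.

```c
/*
 * Added example: the record-splicing step of a getdents64-hooking rootkit,
 * modelled in user space over a constructed directory buffer.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the kernel's linux_dirent64 (fs/readdir.c). */
struct dirent64_rec {
    uint64_t d_ino;
    int64_t  d_off;      /* directory cookie; any value works in this constructed buffer */
    uint16_t d_reclen;   /* total size of this record, including padding */
    uint8_t  d_type;
    char     d_name[];   /* NUL-terminated, padded so records stay 8-byte aligned */
};

#define HIDE_PREFIX "rk_"   /* assumed magic prefix for hidden names */

/* Append one regular-file record to buf; returns the new fill level, or 0 if it does not fit. */
size_t append_dirent(char *buf, size_t cap, size_t len, uint64_t ino, const char *name)
{
    size_t namelen = strlen(name) + 1;                                   /* include NUL */
    size_t reclen  = (offsetof(struct dirent64_rec, d_name) + namelen + 7) & ~(size_t)7;
    if (len + reclen > cap)
        return 0;
    struct dirent64_rec *rec = (struct dirent64_rec *)(buf + len);
    memset(rec, 0, reclen);
    rec->d_ino    = ino;
    rec->d_off    = (int64_t)(len + reclen);
    rec->d_reclen = (uint16_t)reclen;
    rec->d_type   = 8;                                                   /* DT_REG */
    memcpy(rec->d_name, name, namelen);
    return len + reclen;
}

/*
 * The rootkit's filter: walk the records, remove those whose name starts with
 * HIDE_PREFIX by shifting the tail of the buffer down over them, and return
 * the new byte count (what the hooked getdents64 would report to the caller).
 */
size_t hide_prefixed_entries(char *buf, size_t len)
{
    size_t pos = 0;
    while (pos < len) {
        struct dirent64_rec *rec = (struct dirent64_rec *)(buf + pos);
        size_t reclen = rec->d_reclen;
        if (reclen == 0 || pos + reclen > len)      /* malformed record: stop walking */
            break;
        if (strncmp(rec->d_name, HIDE_PREFIX, sizeof(HIDE_PREFIX) - 1) == 0) {
            memmove(buf + pos, buf + pos + reclen, len - pos - reclen);
            len -= reclen;          /* do not advance: the next record now sits at pos */
        } else {
            pos += reclen;
        }
    }
    return len;
}

/* Count records in a buffer: what `ls` would see. */
int count_dirents(const char *buf, size_t len)
{
    int n = 0;
    for (size_t pos = 0; pos < len; n++) {
        const struct dirent64_rec *rec = (const struct dirent64_rec *)(buf + pos);
        if (rec->d_reclen == 0)
            break;
        pos += rec->d_reclen;
    }
    return n;
}

/* Build a constructed four-entry listing, run the filter, return the visible count. */
int demo_visible_count(void)
{
    uint64_t storage[64];                       /* 8-byte aligned backing store */
    char *buf = (char *)storage;
    size_t len = 0;
    len = append_dirent(buf, sizeof storage, len, 1, "passwd");
    len = append_dirent(buf, sizeof storage, len, 2, "rk_backdoor.so");   /* hidden */
    len = append_dirent(buf, sizeof storage, len, 3, "rk_keylog.txt");    /* hidden */
    len = append_dirent(buf, sizeof storage, len, 4, "shadow");
    int before = count_dirents(buf, len);
    len = hide_prefixed_entries(buf, len);
    int after = count_dirents(buf, len);
    printf("entries before filtering: %d, after: %d\n", before, after);
    return after;
}

int main(void)
{
    return demo_visible_count() == 2 ? 0 : 1;
}
```

The two hidden names are deliberately adjacent: after the first is spliced out, the loop must not advance, otherwise the second would be skipped and leak into the listing. The same walk, with `d_name` replaced by the PID string of a `/proc` entry, is how process hiding is done through the same hook.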

  8. Rootkit Detection There are various ways of detecting Linux rootkits. Some of the detection mechanisms are: • LKM filtering (restricting or inspecting loadable kernel modules) • HIDS (host-based intrusion detection systems) • LIDS (Linux Intrusion Detection System) • State-based control-flow integrity (SBCFI) checks • Detection based on the distribution of system calls (Anderson-Darling test)
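State-based control-flow integrity, as described by Petroni and Hicks, periodically checks that the kernel's persistent function pointers (system-call table, file_operations and similar) still point at code inside the kernel's own text; a Type I rootkit that hooks the system-call table redirects one of them to its own code. The block below is an added example written for this page, not the SBCFI implementation or code from the slides. It models the check in user space: the "kernel" is a small table of handlers, the "trusted text" is the set of addresses of those handlers, and the rootkit is a handler defined outside that set. The names, the three-entry table and the hooked index are assumptions.

```c
/*
 * Added example: an SBCFI-style audit of a function-pointer table, modelled
 * in user space with a constructed system-call table.
 */
#include <stdio.h>

typedef long (*syscall_fn)(long arg);

/* Legitimate handlers: stand-ins for functions in the kernel's text section. */
static long sys_open_impl(long fd)       { return fd + 100; }
static long sys_read_impl(long fd)       { return fd * 2; }
static long sys_getdents64_impl(long fd) { return fd; }

#define NR_SYSCALLS 3
static syscall_fn sys_call_table[NR_SYSCALLS] = {
    sys_open_impl, sys_read_impl, sys_getdents64_impl,
};

/* Known-good targets recorded at a trusted point (in a real system, from System.map / vmlinux). */
static const syscall_fn trusted_text[NR_SYSCALLS] = {
    sys_open_impl, sys_read_impl, sys_getdents64_impl,
};

/* The rootkit's replacement handler: wraps the original and doctors the result. */
static long rootkit_getdents64(long fd)
{
    long n = sys_getdents64_impl(fd);
    return n - 1;                   /* pretend one directory entry does not exist */
}

static int is_trusted_target(syscall_fn fn)
{
    for (int i = 0; i < NR_SYSCALLS; i++)
        if (trusted_text[i] == fn)
            return 1;
    return 0;
}

/*
 * SBCFI-style audit: every persistent function pointer must target known
 * kernel code.  Returns the number of redirected entries and reports each.
 */
int sbcfi_audit(void)
{
    int violations = 0;
    for (int i = 0; i < NR_SYSCALLS; i++) {
        if (!is_trusted_target(sys_call_table[i])) {
            printf("syscall %d redirected outside trusted kernel text\n", i);
            violations++;
        }
    }
    return violations;
}

/* Simulate a Type I rootkit installing and removing a system-call hook. */
void install_hook(void)
{
    sys_call_table[2] = rootkit_getdents64;
}

void remove_hook(void)
{
    sys_call_table[2] = sys_getdents64_impl;
}

int main(void)
{
    int before = sbcfi_audit();
    install_hook();
    int after = sbcfi_audit();
    printf("violations before hook: %d, after hook: %d\n", before, after);
    remove_hook();
    return (before == 0 && after == 1) ? 0 : 1;
}
```

A pointer comparison like this catches redirection (the hook above) but not a rootkit that patches the original handler's instructions in place, which is why an SBCFI-style monitor is paired with a hash of the kernel text and is run from a vantage point the rootkit cannot reach, such as a hypervisor or a coprocessor.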

  9. Conclusion In this presentation we have given a general overview of rootkits: their basic attributes and objectives, a malware classification and where rootkits fall within it, and several detection mechanisms for both user-space and kernel-space rootkits. We also briefly compared the various rootkit detection mechanisms.

  10. References • http://en.wikipedia.org/wiki/Rootkit • http://www.businessweek.com/technology/content/nov2005/tc20051129_685454.htm • http://www.huffingtonpost.com/2011/12/01/carrier-iq-iphone-android-blackberry_n_1123575.html • http://arch.ece.gatech.edu/people/Manoj.html • http://dl.acm.org/citation.cfm?id=1315260 • http://packetstormsecurity.org/search/?q=phalanx • http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.134.3527

  11. Questions?

  12. Thank You
