
Detecting Kernel-Level Rootkits Through Binary Analysis

by Christopher Kruegel, William Robertson, Giovanni Vigna

AUTHORS' DESCRIPTION

This paper presents a technique that uses binary analysis to determine, at load time, whether a kernel module's behavior resembles that of a rootkit. This makes it possible to provide additional protection against this type of malicious modification of the kernel. Our technique relies on an abstract model of module behavior that is not affected by small changes in the binary image of the module; the technique is therefore resistant to attempts to conceal the malicious nature of a kernel module.