TY - GEN
T1 - Neural Network Analysis of System Call Timing for Rootkit Detection
AU - Luckett, Patrick
AU - Todd McDonald, J.
AU - Dawson, Joel
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/7/2
Y1 - 2016/7/2
N2 - In the realm of cybersecurity, rootkits pose a credible threat to individuals, corporations, and governments. Through various techniques, rootkits are not only able to infect computer systems, but are often able to remain undetected on a host for an extended period of time by manipulating system software. The purpose of this paper is to describe what a rootkit is, how rootkits operate, and how they relate to other types of malware. Historical data and statistics will be presented in order to show how rootkits have been employed in cyber attacks. Different types of rootkits, including user, kernel, and hypervisor rootkits, will be described, as well as the various methods used to defend against rootkits. We will then present a case study in which neural networks were used to analyze the behavior of a system both uninfected and infected with a rootkit, and to categorize the resulting system calls as anomalous or not.
AB - In the realm of cybersecurity, rootkits pose a credible threat to individuals, corporations, and governments. Through various techniques, rootkits are not only able to infect computer systems, but are often able to remain undetected on a host for an extended period of time by manipulating system software. The purpose of this paper is to describe what a rootkit is, how rootkits operate, and how they relate to other types of malware. Historical data and statistics will be presented in order to show how rootkits have been employed in cyber attacks. Different types of rootkits, including user, kernel, and hypervisor rootkits, will be described, as well as the various methods used to defend against rootkits. We will then present a case study in which neural networks were used to analyze the behavior of a system both uninfected and infected with a rootkit, and to categorize the resulting system calls as anomalous or not.
KW - Neural Network
KW - Rootkit
UR - http://www.scopus.com/inward/record.url?scp=85022327269&partnerID=8YFLogxK
U2 - 10.1109/CYBERSEC.2016.008
DO - 10.1109/CYBERSEC.2016.008
M3 - Conference contribution
AN - SCOPUS:85022327269
T3 - Proceedings - 2016 Cybersecurity Symposium, CYBERSEC 2016
SP - 1
EP - 6
BT - Proceedings - 2016 Cybersecurity Symposium, CYBERSEC 2016
A2 - de Leon, Daniel Conte
A2 - Sarathchandra, Dilshani
A2 - Haltinner, Kristin
A2 - Chang, Kevin
A2 - Mercaldo, Francesco
A2 - Song, Jia
A2 - Haney, Michael
A2 - Alves-Foss, Jim
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd Cybersecurity Symposium, CYBERSEC 2016
Y2 - 18 April 2016 through 20 April 2016
ER -
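The record above describes a case study in which a neural network classifies system-call behaviour (the title names system-call timing as the signal) as anomalous or not by comparing an uninfected and an infected host. The following is an added, self-contained illustration of that general idea, not the authors' code, their dataset or their network architecture: it builds a tiny multilayer perceptron in pure Python, standardises per-syscall latencies against a clean-host baseline, and trains it on constructed timing samples in which a hypothetical kernel rootkit hooking `open` and `read` adds a fixed fractional overhead to those calls. The syscall list, baseline latencies, overhead and jitter values, and the set of hooked calls are all assumptions chosen for the demonstration; `measure_syscall_ns` shows how a real per-call latency would be sampled, but the classifier is trained only on the constructed data so the example runs deterministically offline.

```python
"""Added example: timing-based rootkit detection with a tiny neural network.
Not from the cited paper; all latencies, hooks and architecture are assumptions."""
import math
import random
import time

SYSCALLS = ["getpid", "open", "read", "stat"]            # assumed feature set
BASE_NS = {"getpid": 90.0, "open": 1400.0, "read": 420.0, "stat": 900.0}  # constructed clean baselines
HOOKED = {"open", "read"}   # assumption: the rootkit hooks open/read (typical for file hiding)


def measure_syscall_ns(fn, repeats=2000):
    """Median wall-clock cost of fn() in ns; real measurement (e.g. fn=os.getpid).
    A live detector would collect these on a known-clean, identical host first."""
    samples = []
    for _ in range(repeats):
        t0 = time.perf_counter_ns()
        fn()
        samples.append(time.perf_counter_ns() - t0)
    samples.sort()
    return samples[len(samples) // 2]


def synth_sample(rng, infected, overhead=0.4, jitter=0.05):
    """Constructed feature vector of per-syscall latencies in ns. Infected samples
    add `overhead` fractional latency to the hooked syscalls only."""
    vec = []
    for name in SYSCALLS:
        scale = 1.0 + (overhead if (infected and name in HOOKED) else 0.0)
        vec.append(BASE_NS[name] * scale * (1.0 + rng.gauss(0.0, jitter)))
    return vec


def make_dataset(rng, n_each):
    X = [synth_sample(rng, False) for _ in range(n_each)] + [synth_sample(rng, True) for _ in range(n_each)]
    y = [0.0] * n_each + [1.0] * n_each
    return X, y


class Standardizer:
    """Fit on clean-host rows only, so 'normal' is defined by the uninfected baseline."""
    def __init__(self, clean_rows):
        k = len(clean_rows[0])
        n = len(clean_rows)
        self.mean = [sum(r[i] for r in clean_rows) / n for i in range(k)]
        self.std = [math.sqrt(sum((r[i] - self.mean[i]) ** 2 for r in clean_rows) / n) or 1.0
                    for i in range(k)]

    def transform(self, row):
        return [(v - m) / s for v, m, s in zip(row, self.mean, self.std)]


class TinyMLP:
    """inputs -> tanh hidden layer -> sigmoid output; plain SGD on cross-entropy."""
    def __init__(self, n_in, n_hidden, rng):
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.w2 = [rng.uniform(-0.5, 0.5) for _ in range(n_hidden)]
        self.b2 = 0.0

    def forward(self, x):
        h = [math.tanh(sum(w * xi for w, xi in zip(row, x)) + b) for row, b in zip(self.w1, self.b1)]
        z = sum(w * hi for w, hi in zip(self.w2, h)) + self.b2
        z = max(-60.0, min(60.0, z))          # keep exp() in range
        return h, 1.0 / (1.0 + math.exp(-z))

    def train(self, X, y, epochs=50, lr=0.05, rng=None):
        idx = list(range(len(X)))
        for _ in range(epochs):
            if rng is not None:
                rng.shuffle(idx)
            for i in idx:
                h, p = self.forward(X[i])
                dz = p - y[i]                  # dL/dz for sigmoid + cross-entropy
                for j in range(len(h)):
                    dh = dz * self.w2[j] * (1.0 - h[j] ** 2)   # uses w2 before its update
                    self.w2[j] -= lr * dz * h[j]
                    for k in range(len(X[i])):
                        self.w1[j][k] -= lr * dh * X[i][k]
                    self.b1[j] -= lr * dh
                self.b2 -= lr * dz

    def predict(self, x):
        return 1 if self.forward(x)[1] >= 0.5 else 0


def run_experiment(seed=7, n_train=100, n_test=50):
    """Train on constructed clean/infected timings, return held-out accuracy."""
    rng = random.Random(seed)
    Xtr, ytr = make_dataset(rng, n_train)
    Xte, yte = make_dataset(rng, n_test)
    scaler = Standardizer([x for x, lab in zip(Xtr, ytr) if lab == 0.0])
    model = TinyMLP(len(SYSCALLS), 6, rng)
    model.train([scaler.transform(x) for x in Xtr], ytr, rng=rng)
    correct = sum(model.predict(scaler.transform(x)) == int(lab) for x, lab in zip(Xte, yte))
    return correct / len(Xte)


if __name__ == "__main__":
    print("held-out accuracy:", run_experiment())
```

Two caveats a practitioner would add before trusting such a detector: the clean baseline must come from the same hardware and kernel build, because CPU frequency scaling, cache state and kernel version shift syscall latency far more than the jitter modelled here, and a hypervisor-level rootkit need not perturb in-guest syscall timing in the way a hooked syscall table does, so timing is one signal to combine with integrity checks rather than a standalone verdict.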