Neural Network Analysis of System Call Timing for Rootkit Detection

Patrick Luckett, J. Todd McDonald, Joel Dawson

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > peer-review

19 Scopus citations

Abstract

In the realm of cybersecurity, rootkits pose a credible threat to individuals, corporations, and governments. Through various techniques, rootkits are not only able to infect computer systems, but are often able to remain undetected in a host for an extended amount of time by manipulating system software. The purpose of this paper is to describe what a rootkit is, how rootkits operate, and how they relate to other types of malware. Historical data and statistics will be presented in order to show how rootkits have been employed in cyber attacks. Different types of rootkits, including user, kernel, and hypervisor rootkits, will be described, as well as the various methods used to defend against rootkits. We will then present a case study in which neural networks were used to analyze the behavior of a system both uninfected and infected with a rootkit, and to categorize the resulting system calls as anomalous or not.

Original language: English
Title of host publication: Proceedings - 2016 Cybersecurity Symposium, CYBERSEC 2016
Editors: Daniel Conte de Leon, Dilshani Sarathchandra, Kristin Haltinner, Kevin Chang, Francesco Mercaldo, Jia Song, Michael Haney, Jim Alves-Foss
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-6
Number of pages: 6
ISBN (Electronic): 9781509057719
DOIs
State: Published - Jul 2 2016
Externally published: Yes
Event: 3rd Cybersecurity Symposium, CYBERSEC 2016 - Coeur d'Alene, United States
Duration: Apr 18 2016 to Apr 20 2016

Publication series

Name: Proceedings - 2016 Cybersecurity Symposium, CYBERSEC 2016

Conference

Conference: 3rd Cybersecurity Symposium, CYBERSEC 2016
Country/Territory: United States
City: Coeur d'Alene
Period: 04/18/16 to 04/20/16

Keywords

  • Neural Network
  • Rootkit
