Neural Network Analysis of System Call Timing for Rootkit Detection


Bibliographic Details
Published in: 2016 Cybersecurity Symposium (CYBERSEC), pp. 1-6
Main Authors: Luckett, Patrick; McDonald, J. Todd; Dawson, Joel
Format: Conference Proceeding
Language: English
Published: IEEE, 01.04.2016

Summary: In the realm of cybersecurity, rootkits pose a credible threat to individuals, corporations, and governments. Through various techniques, rootkits are not only able to infect computer systems, but often times are able to remain undetected in a host for an extended amount of time by manipulating system software. The purpose of this paper is to describe what a rootkit is, how they operate, and how they relate to other types of malware. Historical data and statistics will be presented in order to show how rootkits have been employed in cyber attacks. Different types of rootkits, including user, kernel, and hypervisor rootkits will be described, as well as the various methods used to defend against rootkits. We will then present a case study where neural networks were used to analyze the behavior of a system both not infected and infected with a rootkit, and categorize the resulting system calls as anomalous or not.
DOI: 10.1109/CYBERSEC.2016.008