
Monitoring System’s Network Activity for Rootkit Malware Detection

  • Conference paper
Computer Networks (CN 2013)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 370))


Abstract

Contemporary malware authors use many techniques to make their products invisible to anti-malware programs and, after infection, to conceal their operation from the user. The presence of concealed malware can be detected in many ways. Most of them operate on demand and impose a heavy scanning load on the system, preventing normal user operation for the duration of the scan. The paper presents a new method of detecting rootkit operation, suitable for continuous use, based on comparing two pictures of the system's network activity, one obtained from inside the system and one from outside it, together with the results of testing the method on virtual machines infected with selected rootkit code samples.
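The cross-view idea the abstract describes, as an added illustration that is not the paper's code: the host's own report of its connections (a netstat/ss-style listing) is compared with an external view of the same traffic (flow records from a tap or SPAN port), and a flow the network sees but the host does not report is a candidate for rootkit concealment. The host address, the two line formats and all sample records below are constructed assumptions for the example; a flow must appear in repeated external samples before it is flagged, so that connections which simply ended between the two snapshots are not reported.

```python
"""Cross-view comparison of a host's network activity (added example,
not the paper's implementation). All data below is constructed."""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set

HOST_IP = "192.168.1.10"   # assumed address of the monitored host


class Flow(NamedTuple):
    proto: str
    host_port: int
    peer_ip: str
    peer_port: int


def parse_host_view(lines: Iterable[str]) -> Set[Flow]:
    """Parse netstat-style lines: 'proto local_ip:port remote_ip:port state'."""
    flows = set()
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        proto, local, remote = parts[0].lower(), parts[1], parts[2]
        lip, lport = local.rsplit(":", 1)
        rip, rport = remote.rsplit(":", 1)
        if lip != HOST_IP or rip in ("0.0.0.0", "*", "::"):
            continue  # skip listeners and sockets on other interfaces
        flows.add(Flow(proto, int(lport), rip, int(rport)))
    return flows


def parse_external_view(lines: Iterable[str]) -> Set[Flow]:
    """Parse flow-record lines 'proto src_ip src_port dst_ip dst_port'
    (assumed format) and orient each record relative to the monitored host."""
    flows = set()
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        proto, sip, sport, dip, dport = line.split()
        proto = proto.lower()
        if sip == HOST_IP:
            flows.add(Flow(proto, int(sport), dip, int(dport)))
        elif dip == HOST_IP:
            flows.add(Flow(proto, int(dport), sip, int(sport)))
        # traffic between other hosts is ignored
    return flows


def hidden_flows(host_samples: List[Set[Flow]],
                 ext_samples: List[Set[Flow]],
                 min_ext_hits: int = 2) -> Set[Flow]:
    """Flows seen in at least `min_ext_hits` external samples and in no host
    sample. The repeat requirement suppresses false alarms from short-lived
    connections that end between the moments the two views are sampled."""
    ext_hits: Dict[Flow, int] = defaultdict(int)
    for sample in ext_samples:
        for flow in sample:
            ext_hits[flow] += 1
    seen_by_host: Set[Flow] = set().union(*host_samples) if host_samples else set()
    return {f for f, n in ext_hits.items()
            if n >= min_ext_hits and f not in seen_by_host}


# Constructed snapshots: two host listings and two external flow samples.
HOST_SNAPSHOTS = [
    ["tcp 192.168.1.10:49152 93.184.216.34:443 ESTABLISHED",
     "tcp 192.168.1.10:22 192.168.1.5:51000 ESTABLISHED",
     "tcp 0.0.0.0:22 0.0.0.0:* LISTEN"],
    ["tcp 192.168.1.10:49152 93.184.216.34:443 ESTABLISHED",
     "tcp 192.168.1.10:22 192.168.1.5:51000 ESTABLISHED",
     "tcp 0.0.0.0:22 0.0.0.0:* LISTEN"],
]
EXTERNAL_SNAPSHOTS = [
    ["tcp 192.168.1.10 49152 93.184.216.34 443",
     "tcp 192.168.1.5 51000 192.168.1.10 22",
     "tcp 192.168.1.10 49160 198.51.100.7 6667",   # never reported by the host
     "udp 192.168.1.10 49170 203.0.113.9 53",      # one-off lookup, seen once
     "tcp 192.168.1.20 40000 192.168.1.30 80"],     # other hosts, ignored
    ["tcp 192.168.1.10 49152 93.184.216.34 443",
     "tcp 192.168.1.5 51000 192.168.1.10 22",
     "tcp 192.168.1.10 49160 198.51.100.7 6667"],
]


def run_example(min_ext_hits: int = 2) -> Set[Flow]:
    host = [parse_host_view(s) for s in HOST_SNAPSHOTS]
    ext = [parse_external_view(s) for s in EXTERNAL_SNAPSHOTS]
    return hidden_flows(host, ext, min_ext_hits)


if __name__ == "__main__":
    for f in sorted(run_example()):
        print(f"suspicious: {f.proto} {HOST_IP}:{f.host_port} -> {f.peer_ip}:{f.peer_port}")
```

With the default threshold only the persistent TCP flow to port 6667 is reported; lowering `min_ext_hits` to 1 also flags the single DNS exchange, which shows the trade-off between sensitivity and the timing noise of two unsynchronised views. In a real deployment the external view must be taken from a point the host cannot influence (a tap, SPAN port or the hypervisor), and NAT or multiple interfaces on the host require the orientation step to be adapted.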




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Skrzewski, M. (2013). Monitoring System’s Network Activity for Rootkit Malware Detection. In: Kwiecień, A., Gaj, P., Stera, P. (eds) Computer Networks. CN 2013. Communications in Computer and Information Science, vol 370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38865-1_17


  • DOI: https://doi.org/10.1007/978-3-642-38865-1_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38864-4

  • Online ISBN: 978-3-642-38865-1
