Kernel rootkits implement and detection

  • Trusted Software
Wuhan University Journal of Natural Sciences

Abstract

Rootkits, which reside unnoticed in a computer and stealthily carry out remote control and software eavesdropping, are a great threat to network and computer security. It is time to acquaint ourselves with their implementation and detection. This article pays more attention to kernel rootkits, because they are more difficult to write and to identify than userland rootkits. The latest technologies used to write and detect kernel rootkits, along with their advantages and disadvantages, are presented in this article.

Author information

Corresponding author

Correspondence to Li Xianghe.

Additional information

Foundation item: Supported by the Key Scientific and Technological Project of Henan Province (SP200402089)

Biography: LI Xianghe (1957-), male, Professor, research direction: network communication, network attack and defense.

About this article

Cite this article

Xianghe, L., Liancheng, Z. & Shuo, L. Kernel rootkits implement and detection. Wuhan Univ. J. Nat. Sci. 11, 1473–1476 (2006). https://doi.org/10.1007/BF02831800

  • DOI: https://doi.org/10.1007/BF02831800
