A Linux rootkit improvement based on inline hook
Authors
Jun Gu, Ming Xian, Tian Chen, RuiXiang Du
Corresponding Author
Jun Gu
Available Online April 2016.
- DOI
- 10.2991/ameii-16.2016.155
- Keywords
- Linux Rootkit, Inline hook, VFS
- Abstract
Rootkits and their detection technology have promoted each other's development. This paper proposes a kernel rootkit level division method based on function call relationships. The deeper a rootkit's level is, the more difficult its detection becomes. We put forward and implement a rootkit method based on inline hook. It pushes the rootkit down to a lower level in the kernel space. Experimental results show our method has excellent performance on hiding malicious programs.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Jun Gu
AU - Ming Xian
AU - Tian Chen
AU - RuiXiang Du
PY - 2016/04
DA - 2016/04
TI - A Linux rootkit improvement based on inline hook
BT - Proceedings of the 2nd International Conference on Advances in Mechanical Engineering and Industrial Informatics (AMEII 2016)
PB - Atlantis Press
SP - 793
EP - 798
SN - 2352-5401
UR - https://doi.org/10.2991/ameii-16.2016.155
DO - 10.2991/ameii-16.2016.155
ID - Gu2016/04
ER -