Research Article

Combating Kernel Rootkits on Linux Version 2.6 (Analysis of Rootkit Prevention, Detection and Correction)

by T.J. Anande, T.K. Genger, J.U. Abasiene
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 10 - Number 8
Year of Publication: 2016
DOI: 10.5120/ijais2016451540

T.J. Anande, T.K. Genger, J.U. Abasiene . Combating Kernel Rootkits on Linux Version 2.6 (Analysis of Rootkit Prevention, Detection and Correction). International Journal of Applied Information Systems. 10, 8 ( April 2016), 1-10. DOI=10.5120/ijais2016451540

@article{ 10.5120/ijais2016451540,
author = { T.J. Anande, T.K. Genger, J.U. Abasiene },
title = { Combating Kernel Rootkits on Linux Version 2.6 (Analysis of Rootkit Prevention, Detection and Correction) },
journal = { International Journal of Applied Information Systems },
issue_date = { April 2016 },
volume = { 10 },
number = { 8 },
month = { April },
year = { 2016 },
issn = { 2249-0868 },
pages = { 1-10 },
numpages = {9},
url = { https://www.ijais.org/archives/volume10/number8/880-2016451540/ },
doi = { 10.5120/ijais2016451540 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A T.J. Anande
%A T.K. Genger
%A J.U. Abasiene
%T Combating Kernel Rootkits on Linux Version 2.6 (Analysis of Rootkit Prevention, Detection and Correction)
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 10
%N 8
%P 1-10
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Rootkits are a major security concern for smartphones today. They have existed for a long time, but until recently operated largely on desktops and PCs. On mobile platforms their presence was uncommon until the advent of smartphones and other advanced mobile devices. The rapid developments and trends recorded on smartphones today make them highly vulnerable to rootkit attacks. Smartphone operating systems are now highly sophisticated and ship with advanced functionality that stores users' diaries, sensitive personal information and security details, among other data. These features make them a prime target for rootkit authors, who explore every available avenue to exploit and extract this information for malicious purposes. Cases of rootkit attacks continue to increase, with more such attacks targeting popular smartphone operating systems like Android. In this research, we discuss rootkits, illustrating their architecture and operation with the design of a kernel rootkit for the Linux kernel 2.6. We then explore possible measures to combat rootkits on the mobile platform, using Android as a case study.

Index Terms

Computer Science
Information Sciences

Keywords

Linux, Smartphone, Kernel, Kernel Freeze, Backdoor