Research on VFS Layer Rootkit Technique in Linux
2010; East China Computer Technology Research Institute; Language: English
ISSN: 1000-3428
Topic(s): Network Security and Intrusion Detection
Abstract: A kernel rootkit at the VFS layer hides deeply in Linux and is hard to detect and kill. adore-ng is a typical rootkit application, but it cannot survive some real-time monitoring programs, such as Kaspersky Internet Security. To address this problem, the paper proposes two different solutions: one modifies the relevant system calls, and the other filters the content written by the VFS write call. Both approaches are easy to implement. Experimental results show that the approaches are effective.