UPM Institutional Repository

Operating system kernel malware characterization using data-centric approach


Citation

Mohamad Har, Harmi Armira (2018) Operating system kernel malware characterization using data-centric approach. Masters thesis, Universiti Putra Malaysia.

Abstract

Malicious software, or malware, is any malicious code in software that can be used to compromise computer operations, gather sensitive information, gain access to private computer resources, or perform other illegitimate actions on data, hosts or networks. Modern malware evolves rapidly through various stealth techniques to avoid detection, and it is able to infect and exploit resources on various system platforms. These developments and advanced tricks have made the code-centric approach less effective. In particular, when the code-centric approach is used to detect OS kernel malware it becomes inflexible, because such malware is good at hiding itself and covering its tracks. Moreover, OS kernel malware is also able to circumvent detection by varying its pattern of code execution. Therefore, this project proposes a relatively new approach, a data-centric approach, by characterizing OS kernel malware. This approach tries to detect OS rootkits based on trace patterns found in memory dump content. To implement this approach, a Data-Centric OS Kernel Malware Characterization framework is used. This framework consists of two main components. The first component, Dataset of Rootkits Characterization, creates a dataset by identifying memory dump content that indicates traces of rootkits. The second component, Determine the Rootkits Presence, detects rootkits based on the signatures created by the first component. Benign and malicious samples are collected and analysed to create the rootkit signatures. This approach is able to detect unknown samples and calculate their percentage. As a future enhancement, more benign and malicious samples should be analysed; this will increase the accuracy of the results and yield more valid rootkit signatures.


Download File

FSKTM 2018 29 - IR.pdf (Text, 1MB)

Additional Metadata

Item Type: Thesis (Masters)
Subject: Malware (Computer software)
Subject: Computer security
Call Number: FSKTM 2018 29
Chairman Supervisor: Dr. Mohd Yunus Sharum
Divisions: Faculty of Computer Science and Information Technology
Depositing User: Ms. Nur Faseha Mohd Kadim
Date Deposited: 18 Jun 2019 01:38
Last Modified: 18 Jun 2019 01:38
URI: http://psasir.upm.edu.my/id/eprint/68910