Intrusion Prevention Method on LKM (Loadable Kernel Module) Backdoor Attack

Authors :
Geuk Lee
Jiho Cho
Jeong-Min Kim
Han Lee
Source :
DEStech Transactions on Engineering and Technology Research.
Publication Year :
2017
Publisher :
DEStech Publications, 2017.

Abstract

Current backdoor programs execute in user mode, also called application mode, so they can be found by an integrity check of system files. However, when a backdoor program executes as a kernel module, its existence cannot be found by an integrity check of system files. Current detection systems are limited in detecting such LKM (Loadable Kernel Module) backdoors because they only examine changes to the System Call Table. In this paper, we suggest a method using a log file and a password to overcome the limitation that current integrity check systems cannot prevent attacks that use a kernel module.

Details

ISSN :
2475885X
Database :
OpenAIRE
Journal :
DEStech Transactions on Engineering and Technology Research
Accession number :
edsair.doi...........bae1e98d5c1428d0a41da2429aa58569
Full Text :
https://doi.org/10.12783/dtetr/icamm2016/7344