Discover Your Island University

Graduate Projects

View

Project ID: 389
Author: Srikanth Padakanti
Project Title: Rootkits Detection Using Inline Hooking
Semester: 2 2012
Committe Chair: Dr. Mario Garcia
Committee Member 1: Dr. Dulal Kar
Committee Member 2: Dr. David Thomas
Project Description: A rootkit is simply defined as a software or piece of code, which is designed to gain the root level access over a system by hiding its footprint from the operating system and the end user by using stealth techniques. There are many techniques and tools currently available in the market to detect whether a computer system has a rootkit or not. The research is mainly focused on the rootkits that perform inline hooking. All the techniques and tools give results based on the signature format which is already in existence. When coming to new rootkits with new behavior or different heuristics, the tool may not detect them. For this reason, research is mainly focused on the behavioral characteristics of the rootkits. The whole research is divided into two phases: In the first phase, a wide variety of rootkits and their characteristics are studied and then in the second phase, by the type and kind of hooks a rootkit does, the rootkit family is detected. Out of many hooks, only inline hooking is considered in this project and analyzes the hook place and does some statistical analysis to make a decision to which family it belongs to.
Project URL:   389.pdf