Project Description: A rootkit is software, or a piece of code, designed to gain and keep root-level access to a system while hiding its footprint from the operating system and the end user through stealth techniques. Many techniques and tools are available to detect whether a system has a rootkit installed. This research focuses on rootkits that perform inline hooking.
Most of these techniques and tools work from signatures of rootkits that are already known, so a new rootkit with different behaviour, or a variant that defeats the existing heuristics, may go undetected. For this reason the research concentrates on the behavioural characteristics of rootkits. The work is divided into two phases: in the first, a wide variety of rootkits and their characteristics are studied; in the second, the rootkit family is identified from the type and placement of the hooks a sample installs. Of the many hooking techniques, only inline hooking is considered in this project: the location of each hook (which function is patched, and where in it) is analysed, and a statistical analysis over the resulting hook profile is used to decide which family the sample belongs to.
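The inline-hook check the description relies on, as an added example in C that is not part of the project's own code: it inspects the first bytes of a function's in-memory prologue for the trampolines an inline hook typically writes (jmp rel32, push/ret, jmp [rip+disp32], mov rax/jmp rax), resolves where control is diverted to, and otherwise compares the bytes against a clean copy of the same range (as it would be read from the relocated on-disk image) to catch patches with no recognised pattern. The prologue bytes, addresses and the `func_sample` list are constructed for the example; the function names are the usual rootkit targets chosen for illustration, not measurements. The per-kind tally at the end is the kind of hook profile the statistical family classification would consume.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Trampolines commonly written over an x86-64 function prologue by an inline hook. */
typedef enum {
    HOOK_NONE = 0,      /* no pattern, or bytes identical to the clean copy            */
    HOOK_JMP_REL32,     /* E9 rel32            : jmp target                           */
    HOOK_PUSH_RET,      /* 68 imm32 C3         : push target ; ret                    */
    HOOK_JMP_RIP_REL,   /* FF 25 disp32        : jmp [rip+disp32]                     */
    HOOK_MOV_RAX_JMP,   /* 48 B8 imm64 FF E0   : mov rax, target ; jmp rax            */
    HOOK_BYTES_DIFFER,  /* no known trampoline, but in-memory bytes differ from clean */
    HOOK_KIND_COUNT
} hook_kind;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* Classify `len` bytes read from memory at virtual address `va`.  `clean`, if not NULL,
 * holds the same `len` bytes from the (relocated) on-disk image; when memory matches it,
 * nothing was patched regardless of what the bytes look like, which avoids false alarms
 * on functions that legitimately start with a jmp.  `target` (optional) receives where
 * control goes: the jump destination, or for FF 25 the address of the pointer slot read. */
hook_kind classify_prologue(const uint8_t *mem, size_t len, uint64_t va,
                            const uint8_t *clean, uint64_t *target)
{
    uint64_t t = 0;
    hook_kind k = HOOK_NONE;

    if (clean && memcmp(mem, clean, len) == 0) {
        if (target) *target = 0;
        return HOOK_NONE;
    }
    if (len >= 5 && mem[0] == 0xE9) {
        k = HOOK_JMP_REL32;
        t = va + 5 + (int64_t)(int32_t)rd32(mem + 1);
    } else if (len >= 6 && mem[0] == 0x68 && mem[5] == 0xC3) {
        k = HOOK_PUSH_RET;
        t = (uint64_t)(int64_t)(int32_t)rd32(mem + 1);   /* push imm32 sign-extends on x64 */
    } else if (len >= 6 && mem[0] == 0xFF && mem[1] == 0x25) {
        k = HOOK_JMP_RIP_REL;
        t = va + 6 + (int64_t)(int32_t)rd32(mem + 2);
    } else if (len >= 12 && mem[0] == 0x48 && mem[1] == 0xB8 && mem[10] == 0xFF && mem[11] == 0xE0) {
        k = HOOK_MOV_RAX_JMP;
        t = rd64(mem + 2);
    } else if (clean) {
        k = HOOK_BYTES_DIFFER;   /* patched, but not with a trampoline we recognise */
    }
    if (target) *target = t;
    return k;
}

/* Convenience wrapper: only the resolved target, with no clean copy available. */
uint64_t hook_target(const uint8_t *mem, size_t len, uint64_t va) {
    uint64_t t; classify_prologue(mem, len, va, NULL, &t); return t;
}

/* One inspected function: its address, in-memory bytes, and clean bytes. */
typedef struct { const char *name; uint64_t va; const uint8_t *mem; const uint8_t *clean; } func_sample;
#define PROLOGUE_LEN 12

/* Number of sampled functions whose prologue shows hook kind `k`: one bucket of the
 * hook-profile histogram that the family classification would be built on. */
unsigned count_kind(const func_sample *s, size_t n, hook_kind k) {
    unsigned c = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_prologue(s[i].mem, PROLOGUE_LEN, s[i].va, s[i].clean, NULL) == k) c++;
    return c;
}

/* Constructed prologue bytes (not captured from a real system).  clean_fn is a typical
 * x64 prologue: mov [rsp+8],rbx ; push rdi ; sub rsp,20h ; mov ... */
static const uint8_t clean_fn[PROLOGUE_LEN]       = {0x48,0x89,0x5C,0x24,0x08,0x57,0x48,0x83,0xEC,0x20,0x48,0x8B};
/* jmp rel32 over the first 5 bytes; with va = 0x401000 it lands on 0x500000 */
static const uint8_t jmp_hooked[PROLOGUE_LEN]     = {0xE9,0xFB,0xEF,0x0F,0x00,0x57,0x48,0x83,0xEC,0x20,0x48,0x8B};
static const uint8_t pushret_hooked[PROLOGUE_LEN] = {0x68,0x00,0x00,0x50,0x00,0xC3,0x48,0x83,0xEC,0x20,0x48,0x8B};
static const uint8_t riprel_hooked[PROLOGUE_LEN]  = {0xFF,0x25,0x00,0x10,0x00,0x00,0x48,0x83,0xEC,0x20,0x48,0x8B};
static const uint8_t movrax_hooked[PROLOGUE_LEN]  = {0x48,0xB8,0x00,0x20,0x00,0x00,0xF8,0x7F,0x00,0x00,0xFF,0xE0};
static const uint8_t int3_patched[PROLOGUE_LEN]   = {0xCC,0x89,0x5C,0x24,0x08,0x57,0x48,0x83,0xEC,0x20,0x48,0x8B};

/* Illustrative target names; addresses and bytes are invented for the example. */
static const func_sample samples[] = {
    { "NtQuerySystemInformation", 0x401000, jmp_hooked,     clean_fn },
    { "NtQueryDirectoryFile",     0x402000, pushret_hooked, clean_fn },
    { "NtEnumerateValueKey",      0x403000, riprel_hooked,  clean_fn },
    { "NtOpenProcess",            0x404000, movrax_hooked,  clean_fn },
    { "NtCreateFile",             0x405000, int3_patched,   clean_fn },
    { "NtClose",                  0x406000, clean_fn,       clean_fn },
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

int main(void) {
    static const char *names[HOOK_KIND_COUNT] =
        { "none", "jmp rel32", "push/ret", "jmp [rip+disp32]", "mov rax/jmp rax", "bytes differ" };
    for (size_t i = 0; i < NSAMPLES; i++) {
        uint64_t t;
        hook_kind k = classify_prologue(samples[i].mem, PROLOGUE_LEN, samples[i].va, samples[i].clean, &t);
        printf("%-26s %-18s target=0x%llx\n", samples[i].name, names[k], (unsigned long long)t);
    }
    for (int k = 0; k < HOOK_KIND_COUNT; k++)   /* the per-sample hook profile */
        printf("%-18s %u\n", names[k], count_kind(samples, NSAMPLES, (hook_kind)k));
    return 0;
}
```

Without a clean copy the detector can only report recognised trampolines, so an unfamiliar patch (here the single `int3` byte) is invisible; with one, any difference is flagged even when the pattern is unknown, which is the check worth keeping for the behavioural analysis the description calls for.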