Dual-Mode Kernel Rootkit Scan and Recovery with Process ID Brute-Force
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Choi, Ji-Won | - |
| dc.contributor.author | Park, Sang-Jun | - |
| dc.contributor.author | Byeon, Seong-Jin | - |
| dc.contributor.author | Kim, Dongho | - |
| dc.date.accessioned | 2024-09-26T09:02:36Z | - |
| dc.date.available | 2024-09-26T09:02:36Z | - |
| dc.date.issued | 2017-03 | - |
| dc.identifier.issn | 1936-6612 | - |
| dc.identifier.issn | 1936-7317 | - |
| dc.identifier.uri | https://scholarworks.dongguk.edu/handle/sw.dongguk/23745 | - |
| dc.description.abstract | A rootkit is malware that attacks a system persistently by hiding files, processes, and registry entries. DKOM (Direct Kernel Object Manipulation) is a process-hiding technique that manipulates kernel objects. AL-DKOM (All Link-Direct Kernel Object Manipulation) is an extended version of DKOM that manipulates all the modifiable links in the kernel object, which makes it difficult to detect with existing tools. This paper designs and implements a new AL-DKOM detection system using dual-mode operation and a PIDB-based (process ID brute-force) process scan, which was not possible with the existing list-walking method. In addition, we explain the recovery procedure for the infected system and flexible system management via process recovery, which has not been attempted before. We then show the performance of the new system by comparing and analyzing the effectiveness of the new system and existing rootkit scanning tools against real rootkit samples. | - |
| dc.format.extent | 5 | - |
| dc.language | English | - |
| dc.language.iso | ENG | - |
| dc.publisher | AMER SCIENTIFIC PUBLISHERS | - |
| dc.title | Dual-Mode Kernel Rootkit Scan and Recovery with Process ID Brute-Force | - |
| dc.type | Article | - |
| dc.publisher.location | United States | - |
| dc.identifier.doi | 10.1166/asl.2017.8624 | - |
| dc.identifier.scopusid | 2-s2.0-85018562778 | - |
| dc.identifier.wosid | 000403973500018 | - |
| dc.identifier.bibliographicCitation | ADVANCED SCIENCE LETTERS, v.23, no.3, pp 1573 - 1577 | - |
| dc.citation.title | ADVANCED SCIENCE LETTERS | - |
| dc.citation.volume | 23 | - |
| dc.citation.number | 3 | - |
| dc.citation.startPage | 1573 | - |
| dc.citation.endPage | 1577 | - |
| dc.type.docType | Proceedings Paper | - |
| dc.description.isOpenAccess | N | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.relation.journalResearchArea | Science & Technology - Other Topics | - |
| dc.relation.journalWebOfScienceCategory | Multidisciplinary Sciences | - |
| dc.subject.keywordAuthor | Rootkit | - |
| dc.subject.keywordAuthor | PIDB | - |
| dc.subject.keywordAuthor | AL-DKOM | - |
| dc.subject.keywordAuthor | Dual-Mode | - |