著者

Sebastian Eresheim Robert Luh Sebastian Schrittwieser

出版者

Information Processing Society of Japan

雑誌

Journal of Information Processing (ISSN:18826652)

巻号頁・発行日

vol.25, pp.866-874, 2017 (Released:2017-09-15)

参考文献数

60

被引用文献数

1 9

---

Rootkits constitute a significant threat to modern computing and information systems. Since their first appearance in the early 1990's they have steadily evolved, adapting to ever-improving security measures. The main feature rootkits have in common is the ability to hide their malicious presence and activities from the operating system and its legitimate users. In this paper we systematically analyze process hiding techniques routinely used by rootkit malware. We summarize the characteristics of different approaches and discuss their advantages and limitations. Furthermore, we assess detection and prevention techniques introduced in operating systems in response to the threat of hidden malware. The results of our assessments show that defenders still struggle to keep up with rootkit authors. At the same time we see a shift towards powerful VM-based techniques that will continue to evolve over the coming years.