Operating system kernel malware characterization using data-centric approach

Malicious software or malware is any malicious code in software that can be used to compromise computer operations, gather sensitive information, gain access to private computer resources and do any illegitimate action on data, host or networks. In this modern technology, malware is rapidly evolved...


Bibliographic Details
Main Author: Mohamad Har, Harmi Armira
Format: Thesis (Master's degree)
Language: English
Published: 2018-01
Granting Institution: Universiti Putra Malaysia
Subjects: Malware (Computer software); Computer security
Online Access: http://psasir.upm.edu.my/id/eprint/68910/1/FSKTM%202018%2029%20-%20IR.pdf
Repository Record: http://psasir.upm.edu.my/id/eprint/68910/
description Malicious software, or malware, is any malicious code in software that can be used to compromise computer operations, gather sensitive information, gain access to private computer resources and perform any illegitimate action on data, hosts or networks. In modern technology, malware has rapidly evolved through various stealth techniques to avoid detection. Malware is able to infect and exploit resources on various system platforms. These developments and advanced tricks have caused the code-centric approach to become less effective. Especially when the code-centric approach is used to detect OS kernel malware, the approach becomes inflexible, as such malware is good at hiding itself and covering its tracks. Moreover, OS kernel malware is also able to circumvent detection by varying the pattern of code execution. Therefore, this project proposes a quite new approach, a data-centric approach, by characterizing the OS kernel malware. This approach tries to detect OS rootkits based on trace patterns found in memory dump content. In order to implement this approach, a Data-Centric OS Kernel Malware Characterization framework is used. This framework consists of two main components. The first component in this framework is a Dataset of Rootkits Characterization, which creates a dataset by identifying memory dump content that indicates the trace of rootkits. The second component, Determine the Rootkits Presence, is able to detect rootkits based on the signature created in component one. By collecting benign and malicious samples, an analysis is done to create the rootkits signature. This approach is able to detect and calculate the percentage of unknown samples. As a future enhancement, it would be better to analyze more benign and malicious samples. This will increase the accuracy of the result and produce a more valid rootkits signature.
format Thesis
qualification_level Master's degree
author Mohamad Har, Harmi Armira
title Operating system kernel malware characterization using data-centric approach
granting_institution Universiti Putra Malaysia
publishDate 2018
url http://psasir.upm.edu.my/id/eprint/68910/1/FSKTM%202018%2029%20-%20IR.pdf