FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4228999597> ?p ?o ?g. }

• W4228999597 abstract "Within the current threat landscape of cyberattacks, adversaries use a wide array of techniques to gain a persistent and covert presence on systems. Rootkits are a popular form of attack vector because they are a specialized form of malware that use stealth and administrative privilege to operate without detection. They can also use sophisticated active and passive measures to actually cripple normal defensive software. Zero-day rootkits are particularly dangerous in advanced persistent threat (APT) scenarios because typical signature-based methods of malware scanning are ineffective at detecting them. In this paper, we consider a more robust technique of dynamic malware detection that allows use of side-channel system properties as process-indicative data, allowing observation outside of a rootkit's ability to influence. In particular, we extend prior work that has used CPU power measurements as a means to detect rootkit execution. In this work we use a Data Acquisition (DAQ) system to collect data from an embedded analog power sensor to record low-frequency digital readings from three channels of a PC power supply. Of particular focus, we use a data-driven nonlinear phase space algorithm (NLPSA) to analyze power readings and perform supervised learning to discern infected versus non-infected states. Our initial case study using Windows 10 and Ubuntu rootkits shows that NLPSA can achieve perfect accuracy in distinguishing rootkit execution and normal system operation, confirming other similar studies where side-channel data are in view." @default.
• W4228999597 created "2022-05-08" @default.
• W4228999597 creator A5018123027 @default.
• W4228999597 creator A5041066365 @default.
• W4228999597 creator A5072898928 @default.
• W4228999597 creator A5090482148 @default.
• W4228999597 date "2022-04-18" @default.
• W4228999597 modified "2023-10-16" @default.
• W4228999597 title "Phase space power analysis for PC-based rootkit detection" @default.
• W4228999597 cites W1582940512 @default.
• W4228999597 cites W2061038495 @default.
• W4228999597 cites W2061486139 @default.
• W4228999597 cites W2067207087 @default.
• W4228999597 cites W2091052823 @default.
• W4228999597 cites W2140678915 @default.
• W4228999597 cites W2602229646 @default.
• W4228999597 cites W2807241260 @default.
• W4228999597 cites W2855084460 @default.
• W4228999597 cites W58545800 @default.
• W4228999597 cites W2792101620 @default.
• W4228999597 doi "https://doi.org/10.1145/3476883.3520212" @default.
• W4228999597 hasPublicationYear "2022" @default.
• W4228999597 type Work @default.
• W4228999597 citedByCount "0" @default.
• W4228999597 crossrefType "proceedings-article" @default.
• W4228999597 hasAuthorship W4228999597A5018123027 @default.
• W4228999597 hasAuthorship W4228999597A5041066365 @default.
• W4228999597 hasAuthorship W4228999597A5072898928 @default.
• W4228999597 hasAuthorship W4228999597A5090482148 @default.
• W4228999597 hasConcept C10144332 @default.
• W4228999597 hasConcept C111919701 @default.
• W4228999597 hasConcept C149635348 @default.
• W4228999597 hasConcept C2777904410 @default.
• W4228999597 hasConcept C38652104 @default.
• W4228999597 hasConcept C41008148 @default.
• W4228999597 hasConcept C541664917 @default.
• W4228999597 hasConcept C79403827 @default.
• W4228999597 hasConcept C9390403 @default.
• W4228999597 hasConcept C98045186 @default.
• W4228999597 hasConceptScore W4228999597C10144332 @default.
• W4228999597 hasConceptScore W4228999597C111919701 @default.
• W4228999597 hasConceptScore W4228999597C149635348 @default.
• W4228999597 hasConceptScore W4228999597C2777904410 @default.
• W4228999597 hasConceptScore W4228999597C38652104 @default.
• W4228999597 hasConceptScore W4228999597C41008148 @default.
• W4228999597 hasConceptScore W4228999597C541664917 @default.
• W4228999597 hasConceptScore W4228999597C79403827 @default.
• W4228999597 hasConceptScore W4228999597C9390403 @default.
• W4228999597 hasConceptScore W4228999597C98045186 @default.
• W4228999597 hasLocation W42289995971 @default.
• W4228999597 hasOpenAccess W4228999597 @default.
• W4228999597 hasPrimaryLocation W42289995971 @default.
• W4228999597 hasRelatedWork W1968637525 @default.
• W4228999597 hasRelatedWork W1994712384 @default.
• W4228999597 hasRelatedWork W2159077594 @default.
• W4228999597 hasRelatedWork W2313988643 @default.
• W4228999597 hasRelatedWork W3126185480 @default.
• W4228999597 hasRelatedWork W3170525725 @default.
• W4228999597 hasRelatedWork W4220751278 @default.
• W4228999597 hasRelatedWork W4251412400 @default.
• W4228999597 hasRelatedWork W4310805820 @default.
• W4228999597 hasRelatedWork W78951265 @default.
• W4228999597 isParatext "false" @default.
• W4228999597 isRetracted "false" @default.
• W4228999597 workType "article" @default.