FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4385781435> ?p ?o ?g. }

• W4385781435 abstract "The concealment of rootkits makes them a significant security threat. Kernel-level rootkits can be extremely dangerous as they have high system privileges. A typical type of kernel-level rootkits is to hook system calls which are essential for overall system functionality. This paper presents drootkit, a tool to detect kernel-level rootkits that hook system calls. Additionally, drootkit can recover damaged systems. This tool utilizes eBPF technology, ensuring both flexibility and security. When installing new kernel modules, the virtual address range of the initial kernel code will not be affected. In light of this, drootkit conducts bounds checking on all system calls within the system. In the case of system calls being hooked, drootkit can detect and recover them while issuing warning messages. For testing purposes, this paper also implements a malicious kernel module that can hook system calls and run on the arm64 platform. We have conducted an experiment that confirms drootkit’s capability to detect rootkits while also effectively restoring the system. Moreover, drootkit has very low system overhead and does not significantly affect system performance, making it a reliable choice for a backend program that can run for an extended period of time." @default.
• W4385781435 created "2023-08-13" @default.
• W4385781435 creator A5005373732 @default.
• W4385781435 creator A5030217631 @default.
• W4385781435 creator A5031860907 @default.
• W4385781435 creator A5036533621 @default.
• W4385781435 creator A5068289886 @default.
• W4385781435 creator A5091908162 @default.
• W4385781435 date "2023-09-30" @default.
• W4385781435 modified "2023-10-16" @default.
• W4385781435 title "Drootkit: Kernel-level Rootkit Detection and Recovery Based on eBPF" @default.
• W4385781435 doi "https://doi.org/10.1142/s0218126624500737" @default.
• W4385781435 hasPublicationYear "2023" @default.
• W4385781435 type Work @default.
• W4385781435 citedByCount "0" @default.
• W4385781435 crossrefType "journal-article" @default.
• W4385781435 hasAuthorship W4385781435A5005373732 @default.
• W4385781435 hasAuthorship W4385781435A5030217631 @default.
• W4385781435 hasAuthorship W4385781435A5031860907 @default.
• W4385781435 hasAuthorship W4385781435A5036533621 @default.
• W4385781435 hasAuthorship W4385781435A5068289886 @default.
• W4385781435 hasAuthorship W4385781435A5091908162 @default.
• W4385781435 hasConcept C10144332 @default.
• W4385781435 hasConcept C105795698 @default.
• W4385781435 hasConcept C111919701 @default.
• W4385781435 hasConcept C114614502 @default.
• W4385781435 hasConcept C149635348 @default.
• W4385781435 hasConcept C2778579508 @default.
• W4385781435 hasConcept C2779960059 @default.
• W4385781435 hasConcept C2780598303 @default.
• W4385781435 hasConcept C33923547 @default.
• W4385781435 hasConcept C38652104 @default.
• W4385781435 hasConcept C41008148 @default.
• W4385781435 hasConcept C541664917 @default.
• W4385781435 hasConcept C553261973 @default.
• W4385781435 hasConcept C74193536 @default.
• W4385781435 hasConceptScore W4385781435C10144332 @default.
• W4385781435 hasConceptScore W4385781435C105795698 @default.
• W4385781435 hasConceptScore W4385781435C111919701 @default.
• W4385781435 hasConceptScore W4385781435C114614502 @default.
• W4385781435 hasConceptScore W4385781435C149635348 @default.
• W4385781435 hasConceptScore W4385781435C2778579508 @default.
• W4385781435 hasConceptScore W4385781435C2779960059 @default.
• W4385781435 hasConceptScore W4385781435C2780598303 @default.
• W4385781435 hasConceptScore W4385781435C33923547 @default.
• W4385781435 hasConceptScore W4385781435C38652104 @default.
• W4385781435 hasConceptScore W4385781435C41008148 @default.
• W4385781435 hasConceptScore W4385781435C541664917 @default.
• W4385781435 hasConceptScore W4385781435C553261973 @default.
• W4385781435 hasConceptScore W4385781435C74193536 @default.
• W4385781435 hasFunder F4320321001 @default.
• W4385781435 hasFunder F4320322843 @default.
• W4385781435 hasFunder F4320323172 @default.
• W4385781435 hasLocation W43857814351 @default.
• W4385781435 hasOpenAccess W4385781435 @default.
• W4385781435 hasPrimaryLocation W43857814351 @default.
• W4385781435 hasRelatedWork W143519483 @default.
• W4385781435 hasRelatedWork W2025088090 @default.
• W4385781435 hasRelatedWork W2122658150 @default.
• W4385781435 hasRelatedWork W2171038386 @default.
• W4385781435 hasRelatedWork W2354398839 @default.
• W4385781435 hasRelatedWork W2582087290 @default.
• W4385781435 hasRelatedWork W2613661467 @default.
• W4385781435 hasRelatedWork W2623897431 @default.
• W4385781435 hasRelatedWork W2965939924 @default.
• W4385781435 hasRelatedWork W4386089569 @default.
• W4385781435 isParatext "false" @default.
• W4385781435 isRetracted "false" @default.
• W4385781435 workType "article" @default.