2 research outputs found
Rootkit Detection Using A Cross-View Clean Boot Method
In cyberspace, attackers commonly infect computer systems with malware to gain capabilities such as remote access, keylogging, and stealth. Many malware samples include rootkit functionality to hide attacker activities on the target system. After detection, users can remove the rootkit and associated malware from the system with commercial tools. This research describes, implements, and evaluates a clean boot method using two partitions to detect rootkits on a system. One partition is potentially infected with a rootkit while the other is clean. The method obtains directory listings of the potentially infected operating system from each partition and compares the lists to find hidden files. While the clean boot method is similar to other cross-view detection techniques, this method is unique because it uses a clean partition of the same system as the clean operating system, rather than external media. The method produces a 0% false positive rate and a 40.625% true positive rate. In operation, the true positive rate should increase because the experimental setup introduces limitations that prevent many rootkits from working properly. Limitations such as incorrect rootkit setup and rootkits that detect VMware prevent the method from detecting rootkit behavior in this experiment. Vulnerabilities of the method include the assumption that the system restore folder is clean and the assumption that the clean partition is clean. This thesis provides recommendations for more effective rootkit detection.
Hepatitis C virus infects rhesus macaque hepatocytes and simianized mice
At least 170 million people are chronically infected with hepatitis C virus (HCV). Due to the
narrow host range of HCV and restricted use of chimpanzees, there is currently no suitable animal
model for HCV pathogenesis studies or the development of an HCV vaccine. To identify cellular
determinants of interspecies transmission and establish a novel immunocompetent model system,
we examined the ability of HCV to infect hepatocytes from a small non-human primate, the rhesus
macaque (Macaca mulatta). We show that the rhesus orthologs of critical HCV entry factors
support viral glycoprotein-dependent virion uptake. Primary hepatocytes from rhesus macaques
are also permissive for HCV RNA replication and particle production, which is enhanced when
antiviral signaling is suppressed. We demonstrate that this may be due to the diminished capacity
of HCV to antagonize MAVS-dependent innate cellular defenses. To test the ability of HCV to
establish persistent replication in vivo, we engrafted primary rhesus macaque hepatocytes into immunocompromised xenorecipients. Inoculation of resulting simian liver chimeric mice with
either HCV genotype 1a or 2a resulted in HCV serum viremia for up to 10 weeks. Conclusion:
Together, these data indicate that rhesus macaques may be a viable model for HCV and implicate
host immunity as a potential species-specific barrier to HCV infection. We conclude that
suppression of host immunity or further viral adaptation may allow robust HCV infection in
rhesus macaques and creation of a new animal model for studies of HCV pathogenesis, lentivirus
coinfection and vaccine development.