Intrusion Prevention Method on LKM (Loadable Kernel Module) Backdoor Attack

Ji-Ho CHO, Han LEE, Jeong-Min KIM, Geuk LEE

Abstract


Current backdoor programs are executed in user mode, which is called application mode, so it is possible to find them by an integrity check of system files. However, when the backdoor program is executed as a kernel module, it is impossible to find its existence by an integrity check of system files. Current detection systems are limited in detecting this LKM (Loadable Kernel Module) backdoor because they only examine changes to the System Call Table. In this paper, we suggest a method using a log file and a password to overcome the limitation that current integrity check systems cannot prevent attacks that use a kernel module.

Keywords


Loadable kernel module, Backdoor, Intrusion prevention.


DOI
10.12783/dtetr/icamm2016/7344
