Igor.Korkin deleted file 4.1. Problem Statement.tex  over 9 years ago

Commit id: 3c6e22e6a50e8d00e06c6f7c17b7bdd9233d89c0

\subsection{Problem Statement}

Cybercrime has become more and more sophisticated. Recently there has been a clear shift in computer attacks from mass infections to targeted attacks. E.~Kaspersky assessed ``IT threats that have evolved from cyber hooliganism, via cybercrime to cyber warfare''. A new type of malware has appeared, such as Stuxnet, Duqu, Flamer and Gauss, which many antivirus companies call cyber-weapons. Another example is the spy network ``Red October'', which stole large amounts of data from diplomatic, government and science agencies in Europe, the Middle East and Central Asia for 5 years. Sophisticated intruder protection and heuristics did not prevent the malware infection and its subsequent activity [74].

Malware developers are working on long-term attacks, which give hackers ongoing and virtually undetectable access to the target system [75, 76]. To ensure this, malware has to use special rootkit mechanisms, which hide the following OS objects: processes, threads, drivers or services.

According to J.~Rutkowska [77], there are two types of rootkit mechanisms for hiding objects from the built-in tools that run in the OS (for example, ``taskmgr.exe'', which obtains the list of processes): function-hooking mechanisms and direct kernel object manipulation (DKOM). Hooking is relatively simple to detect and will not be examined in this paper. DKOM, by contrast, requires a minimal number of changes, which makes it the most complicated case for detection [78]. This case will be discussed later.

Current anti-rootkit approaches have significant disadvantages: they are either vulnerable themselves, or porting them requires serious research. Therefore the goal is to develop a new detection approach which is resilient to common rootkit tricks.

To develop a new rootkit detection method, let us examine how the OS works. After a process has been started, the OS creates a structure which corresponds solely to this process, see Figure~2.