In this paper, we present a novel technique to detect and defeat kernel backdoors which cannot be identified by conventional security solutions. We focus on the fact that since the packet flows of common network applications go up and down through the whole network subsystem but kernel backdoors utilize only the lower layers of the subsystem, we can detect kernel backdoors by employing two host-based monitoring sensors (one at higher layer and the other at lower layer) and by inspecting the packet flow differentials. We also provide strategies to mitigate false positives and negatives and to defeat kernel backdoors. To evaluate the effectiveness of the proposed technique, we implemented a detection system (KbGuard) and performed experiments in a simulated environment. The evaluation results indicate that our approach can effectively detect and deactivate kernel backdoors with a high detection rate. We also believe that our research can help prevent stealthy threats of kernel backdoors.
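The two-sensor differential described in the abstract, as an added illustration (not KbGuard's own code): a lower-layer sensor and an upper-layer sensor each report per-flow packet counts, and flows that appear below but never reach the upper layer are the candidates. The sensor records, the flow tuple layout, the threshold and the `KERNEL_HANDLED` allowlist are all assumptions of this example; the abstract says false positives are mitigated but does not say how.

```python
"""Packet-flow differential between a lower-layer and an upper-layer host sensor.

Added example of the idea in the abstract, not the paper's implementation.
Assumed model: each sensor emits one record per packet, keyed by the flow
tuple (proto, local_port, remote_ip, remote_port).
"""
from collections import Counter

# Constructed sample records: what a lower-layer sensor (just above the driver) saw.
LOWER_SENSOR = (
    [("tcp", 22, "192.0.2.10", 51000)] * 40     # ssh session, reaches user space
    + [("tcp", 443, "192.0.2.11", 52000)] * 25  # https session, reaches user space
    + [("icmp", 0, "192.0.2.12", 0)] * 3        # echo requests answered by the kernel
    + [("tcp", 8080, "192.0.2.13", 4444)] * 12  # seen only below: candidate backdoor
)

# Constructed sample records: what an upper-layer sensor (socket/transport API) saw.
UPPER_SENSOR = (
    [("tcp", 22, "192.0.2.10", 51000)] * 40
    + [("tcp", 443, "192.0.2.11", 52000)] * 25
)

# Protocols the kernel legitimately terminates without a user-space socket.
# Assumed allowlist used here to suppress false positives; not from the paper.
KERNEL_HANDLED = {"icmp", "arp"}


def flow_differentials(lower, upper, threshold=5):
    """Return {flow: excess} for flows whose lower-layer packet count exceeds
    the upper-layer count by at least `threshold`.

    The threshold absorbs small, benign differentials (packets still in
    flight between the sensors, packets the stack dropped as malformed).
    """
    low, up = Counter(lower), Counter(upper)
    suspects = {}
    for flow, n_low in low.items():
        if flow[0] in KERNEL_HANDLED:
            continue
        excess = n_low - up.get(flow, 0)
        if excess >= threshold:
            suspects[flow] = excess
    return suspects


if __name__ == "__main__":
    for flow, excess in flow_differentials(LOWER_SENSOR, UPPER_SENSOR).items():
        print(f"flow {flow}: {excess} packets never reached the upper layer")
```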
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cheolho LEE, Kiwook SOHN, "Detecting and Guarding against Kernel Backdoors through Packet Flow Differentials" in IEICE TRANSACTIONS on Communications,
vol. E90-B, no. 10, pp. 2638-2645, October 2007, doi: 10.1093/ietcom/e90-b.10.2638.
URL: https://globals.ieice.org/en_transactions/communications/10.1093/ietcom/e90-b.10.2638/_p
@ARTICLE{e90-b_10_2638,
author={Cheolho LEE and Kiwook SOHN},
journal={IEICE TRANSACTIONS on Communications},
title={Detecting and Guarding against Kernel Backdoors through Packet Flow Differentials},
year={2007},
volume={E90-B},
number={10},
pages={2638-2645},
abstract={In this paper, we present a novel technique to detect and defeat kernel backdoors which cannot be identified by conventional security solutions. We focus on the fact that since the packet flows of common network applications go up and down through the whole network subsystem but kernel backdoors utilize only the lower layers of the subsystem, we can detect kernel backdoors by employing two host-based monitoring sensors (one at higher layer and the other at lower layer) and by inspecting the packet flow differentials. We also provide strategies to mitigate false positives and negatives and to defeat kernel backdoors. To evaluate the effectiveness of the proposed technique, we implemented a detection system (KbGuard) and performed experiments in a simulated environment. The evaluation results indicate that our approach can effectively detect and deactivate kernel backdoors with a high detection rate. We also believe that our research can help prevent stealthy threats of kernel backdoors.},
keywords={},
doi={10.1093/ietcom/e90-b.10.2638},
ISSN={1745-1345},
month={October},}
TY - JOUR
TI - Detecting and Guarding against Kernel Backdoors through Packet Flow Differentials
T2 - IEICE TRANSACTIONS on Communications
SP - 2638
EP - 2645
AU - Cheolho LEE
AU - Kiwook SOHN
PY - 2007
DO - 10.1093/ietcom/e90-b.10.2638
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E90-B
IS - 10
JA - IEICE TRANSACTIONS on Communications
Y1 - October 2007
AB - In this paper, we present a novel technique to detect and defeat kernel backdoors which cannot be identified by conventional security solutions. We focus on the fact that since the packet flows of common network applications go up and down through the whole network subsystem but kernel backdoors utilize only the lower layers of the subsystem, we can detect kernel backdoors by employing two host-based monitoring sensors (one at higher layer and the other at lower layer) and by inspecting the packet flow differentials. We also provide strategies to mitigate false positives and negatives and to defeat kernel backdoors. To evaluate the effectiveness of the proposed technique, we implemented a detection system (KbGuard) and performed experiments in a simulated environment. The evaluation results indicate that our approach can effectively detect and deactivate kernel backdoors with a high detection rate. We also believe that our research can help prevent stealthy threats of kernel backdoors.
ER -