Rootkit Detection on Embedded IoT Devices

Authors:

Nagy Roland, Németh Krisztián, Papp Dorottya, Buttyán Levente

Abstract

IoT systems are subject to cyber attacks, including the infection of embedded IoT devices with rootkits. Rootkits are malicious software that typically run with elevated privileges, which makes their detection challenging. In this paper, we address this challenge: we propose a rootkit detection approach for embedded IoT devices that takes advantage of a trusted execution environment (TEE), which is often supported on popular IoT platforms such as ARM-based embedded boards. The TEE provides an isolated environment for our rootkit detection algorithms and prevents the rootkit from interfering with their execution even if the rootkit has root privileges on the untrusted part of the IoT device. Our rootkit detection algorithms identify modifications made by the rootkit to the code of the operating system kernel, to system programs, and to data influencing the control flow (e.g., hooking system calls), as well as inconsistencies created by the rootkit in certain kernel data structures (e.g., those responsible for handling process-related information). We also propose algorithms to detect rootkit components in the persistent storage of the device. Besides describing our approach and algorithms in detail, we also report on a prototype implementation and on the evaluation of our design and implementation, which is based on testing our prototype with rootkits that we developed for this purpose.
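The abstract names three families of checks: integrity of kernel code, validity of control-flow data such as the syscall table, and consistency of process bookkeeping across views. The following C program is an added illustration of what checks of those kinds look like when run over a snapshot of normal-world memory; it is not the paper's code, and its memory image, addresses, syscall table and PID lists are all constructed sample data. It uses FNV-1a as a stand-in for the collision-resistant hash a real detector would use, and it models the process views as two plain PID arrays rather than real kernel structures.

```c
/* Added illustration, not the paper's implementation. All "memory" below is
 * constructed sample data standing in for a snapshot a TEE-resident detector
 * would take of the untrusted OS. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* FNV-1a, 64-bit. Stand-in for a collision-resistant hash such as SHA-256. */
static uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Check 1: kernel text integrity. The reference hash is recorded at a
 * known-good time (e.g. right after boot); a mismatch means kernel code has
 * been patched in place. */
int text_intact(const uint8_t *text, size_t len, uint64_t reference)
{
    return fnv1a64(text, len) == reference;
}

/* Check 2: control-flow data such as the syscall table. Every entry must
 * point into the kernel text range; a hook redirects an entry to code that
 * lives elsewhere (a module, a heap buffer). Returns the first offending
 * index, or -1 when all entries are in range. */
int first_out_of_range_entry(const uintptr_t *table, size_t n,
                             uintptr_t text_start, uintptr_t text_end)
{
    for (size_t i = 0; i < n; i++)
        if (table[i] < text_start || table[i] >= text_end)
            return (int)i;
    return -1;
}

/* Check 3: cross-view consistency of process bookkeeping. A rootkit that
 * unlinks a task from the list that ps/proc walk still has to leave it
 * reachable through the structure the kernel uses to look PIDs up, or the
 * process could not be scheduled or signalled. PIDs present in the lookup
 * view but absent from the list view are reported as hidden. Returns the
 * number of hidden PIDs written to out. */
size_t hidden_pids(const int *list_view, size_t nl,
                   const int *table_view, size_t nt,
                   int *out, size_t out_cap)
{
    size_t found = 0;
    for (size_t i = 0; i < nt; i++) {
        int seen = 0;
        for (size_t j = 0; j < nl && !seen; j++)
            seen = (list_view[j] == table_view[i]);
        if (!seen && found < out_cap)
            out[found++] = table_view[i];
    }
    return found;
}

/* Constructed scenario exercising all three checks. */
struct findings { int text_modified; int hooked_index; int hidden_count; int hidden_pid; };

struct findings demo(void)
{
    struct findings f = {0, -1, 0, -1};

    /* Constructed "kernel text": 64 bytes mapped at 0x10000..0x10040. */
    uint8_t text[64];
    for (size_t i = 0; i < sizeof text; i++)
        text[i] = (uint8_t)(i * 7 + 3);
    const uintptr_t text_start = 0x10000;
    const uintptr_t text_end = text_start + sizeof text;
    uint64_t golden = fnv1a64(text, sizeof text);   /* recorded at boot */

    text[20] ^= 0xff;                               /* in-place code patch */
    f.text_modified = !text_intact(text, sizeof text, golden);

    /* Constructed syscall table: entry 1 redirected outside kernel text. */
    uintptr_t sys_table[4] = { text_start + 0x08, 0x80000,
                               text_start + 0x20, text_start + 0x30 };
    f.hooked_index = first_out_of_range_entry(sys_table, 4, text_start, text_end);

    /* Constructed views: PID 1337 unlinked from the task list only. */
    int list_view[]  = { 1, 2, 117, 402 };
    int table_view[] = { 1, 2, 117, 402, 1337 };
    int hidden[4];
    f.hidden_count = (int)hidden_pids(list_view, 4, table_view, 5, hidden, 4);
    f.hidden_pid = f.hidden_count ? hidden[0] : -1;
    return f;
}

int main(void)
{
    struct findings f = demo();
    printf("kernel text modified: %s\n", f.text_modified ? "yes" : "no");
    printf("first hooked syscall index: %d\n", f.hooked_index);
    printf("hidden pids: %d (first: %d)\n", f.hidden_count, f.hidden_pid);
    return 0;
}
```

The point of running such checks from the TEE rather than from the kernel is that the detector reads the snapshot through memory the rootkit cannot remap or patch; the checks themselves are simple, and what matters is where the reference hash, the expected text range and the second process view are held.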

Publisher

University of Szeged

Subject

Computer Vision and Pattern Recognition,Software,Computer Science (miscellaneous),Electrical and Electronic Engineering,Information Systems and Management,Management Science and Operations Research,Theoretical Computer Science


Cited by 7 articles.

1. Review of Smart-Home Security Using the Internet of Things;Electronics;2024-08-22

2. Rootkit Detection Using Hybrid Machine Learning Models and Deep Learning Model: Implementation;2024 International Conference on Advances in Computing, Communication and Applied Informatics (ACCAI);2024-05-09

3. Rootkit Detection using Deep Learning: A Comprehensive Survey;2024 10th International Conference on Communication and Signal Processing (ICCSP);2024-04-12

4. Drootkit: Kernel-Level Rootkit Detection and Recovery Based on eBPF;Journal of Circuits, Systems and Computers;2023-09-30

5. Machine Learning and Deep Learning Based Model for the Detection of Rootkits Using Memory Analysis;Applied Sciences;2023-09-27
