{"id":"https://openalex.org/W1523988381","doi":"https://doi.org/10.1007/978-0-387-73742-3_7","title":"A Method for Detecting Linux Kernel Module Rootkits","display_name":"A Method for Detecting Linux Kernel Module Rootkits","publication_year":2007,"publication_date":"2007-11-13","ids":{"openalex":"https://openalex.org/W1523988381","doi":"https://doi.org/10.1007/978-0-387-73742-3_7","mag":"1523988381"},"language":"en","primary_location":{"id":"doi:10.1007/978-0-387-73742-3_7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-0-387-73742-3_7","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-0-387-73742-3_7.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IFIP \u2014 The International Federation for Information Processing","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://link.springer.com/content/pdf/10.1007%2F978-0-387-73742-3_7.pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021349652","display_name":"Doug Wampler","orcid":null},"institutions":[{"id":"https://openalex.org/I142740786","display_name":"University of Louisville","ror":"https://ror.org/01ckdn478","country_code":"US","type":"education","lineage":["https://openalex.org/I142740786"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Doug Wampler","raw_affiliation_strings":["Computer Science and Engineering, University of Louisville, Louisville"],"affiliations":[{"raw_affiliation_string":"Computer Science and Engineering, University of Louisville, Louisville","institution_ids":["https://openalex.org/I142740786"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010526590","display_name":"James Graham","orcid":"https://orcid.org/0000-0001-5217-3104"},"institutions":[{"id":"https://openalex.org/I142740786","display_name":"University of Louisville","ror":"https://ror.org/01ckdn478","country_code":"US","type":"education","lineage":["https://openalex.org/I142740786"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"James Graham","raw_affiliation_strings":["Computer Science and Engineering, University of Louisville, Louisville"],"affiliations":[{"raw_affiliation_string":"Computer Science and Engineering, University of Louisville, Louisville","institution_ids":["https://openalex.org/I142740786"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5021349652"],"corresponding_institution_ids":["https://openalex.org/I142740786"],"apc_list":null,"apc_paid":null,"fwci":0.6819,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.64196799,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"107","last_page":"116"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.993399977684021,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.9452303647994995},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.8382312655448914},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7458594441413879},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.510139524936676},{"id":"https://openalex.org/keywords/a-priori-and-a-posteriori","display_name":"A priori and a posteriori","score":0.4931003749370575},{"id":"https://openalex.org/keywords/linux-kernel","display_name":"Linux kernel","score":0.45782408118247986},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.42874160408973694},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.10054168105125427},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09094151854515076}],"concepts":[{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.9452303647994995},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.8382312655448914},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7458594441413879},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.510139524936676},{"id":"https://openalex.org/C75553542","wikidata":"https://www.wikidata.org/wiki/Q178161","display_name":"A priori and a posteriori","level":2,"score":0.4931003749370575},{"id":"https://openalex.org/C553261973","wikidata":"https://www.wikidata.org/wiki/Q14579","display_name":"Linux kernel","level":2,"score":0.45782408118247986},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.42874160408973694},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.10054168105125427},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09094151854515076},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/978-0-387-73742-3_7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-0-387-73742-3_7","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-0-387-73742-3_7.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IFIP \u2014 The International Federation for Information Processing","raw_type":"book-chapter"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.134.3527","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.134.3527","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://kappa.slug.louisville.edu/~drwamp01/ifip/ifip.pdf","raw_type":"text"}],"best_oa_location":{"id":"doi:10.1007/978-0-387-73742-3_7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-0-387-73742-3_7","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-0-387-73742-3_7.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IFIP \u2014 The International Federation for Information Processing","raw_type":"book-chapter"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5099999904632568}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306110","display_name":"U.S. Department of Homeland Security","ror":"https://ror.org/00jyr0d86"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W1523988381.pdf","grobid_xml":"https://content.openalex.org/works/W1523988381.grobid-xml"},"referenced_works_count":11,"referenced_works":["https://openalex.org/W13960567","https://openalex.org/W161166442","https://openalex.org/W202400472","https://openalex.org/W1508855726","https://openalex.org/W1972479252","https://openalex.org/W2003505783","https://openalex.org/W2154933195","https://openalex.org/W2912060910","https://openalex.org/W2914346879","https://openalex.org/W2954168833","https://openalex.org/W6638935953"],"related_works":["https://openalex.org/W2354398839","https://openalex.org/W1979897749","https://openalex.org/W2297549974","https://openalex.org/W2025088090","https://openalex.org/W2371149587","https://openalex.org/W2354333148","https://openalex.org/W2377509977","https://openalex.org/W1969105756","https://openalex.org/W2171038386","https://openalex.org/W1514297880"],"abstract_inverted_index":{"Several":[0],"methods":[1],"exist":[2],"for":[3],"detecting":[4],"Linux":[5],"kernel":[6],"module":[7],"(LKM)":[8],"rootkits,":[9],"most":[10],"of":[11,29,32,53,83],"which":[12],"rely":[13],"on":[14,43],"a":[15,46,58,64,80],"priori":[16],"system-specific":[17],"knowledge.":[18],"We":[19],"propose":[20],"an":[21,37],"alternative":[22],"detection":[23],"technique":[24,41,48],"that":[25,49,62,71],"only":[26],"requires":[27],"knowledge":[28],"the":[30,51],"distribution":[31,52],"system":[33,54,60],"call":[34,55],"addresses":[35,56],"in":[36,57,63],"uninfected":[38,66],"system.":[39,67],"Our":[40],"relies":[42],"outlier":[44],"analysis,":[45],"statistical":[47],"compares":[50],"suspect":[59],"to":[61,75],"known":[65],"Experimental":[68],"results":[69],"indicate":[70],"it":[72],"is":[73],"possible":[74],"detect":[76],"LKM":[77],"rootkits":[78],"with":[79],"high":[81],"degree":[82],"confidence.":[84]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}