{"id":"https://openalex.org/W2060243424","doi":"https://doi.org/10.1145/1988997.1989022","title":"An online cross view difference and behavior based kernel rootkit detector","display_name":"An online cross view difference and behavior based kernel rootkit detector","publication_year":2011,"publication_date":"2011-08-04","ids":{"openalex":"https://openalex.org/W2060243424","doi":"https://doi.org/10.1145/1988997.1989022","mag":"2060243424"},"language":"en","primary_location":{"id":"doi:10.1145/1988997.1989022","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1988997.1989022","pdf_url":null,"source":{"id":"https://openalex.org/S186921487","display_name":"ACM SIGSOFT Software Engineering Notes","issn_l":"0163-5948","issn":["0163-5948","1943-5843"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGSOFT Software Engineering Notes","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078333353","display_name":"Chandrabhanu Mahapatra","orcid":null},"institutions":[{"id":"https://openalex.org/I122964287","display_name":"National Institute of Technology Tiruchirappalli","ror":"https://ror.org/047x65e68","country_code":"IN","type":"education","lineage":["https://openalex.org/I122964287"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Chandrabhanu Mahapatra","raw_affiliation_strings":["National Institute of Technology Tiruchirappalli, Tiruchirappalli, Tamil Nadu, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Institute of Technology Tiruchirappalli, Tiruchirappalli, Tamil Nadu, India","institution_ids":["https://openalex.org/I122964287"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5115602969","display_name":"S. Selvakumar","orcid":"https://orcid.org/0000-0001-9471-7632"},"institutions":[{"id":"https://openalex.org/I122964287","display_name":"National Institute of Technology Tiruchirappalli","ror":"https://ror.org/047x65e68","country_code":"IN","type":"education","lineage":["https://openalex.org/I122964287"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"S. Selvakumar","raw_affiliation_strings":["National Institute of Technology Tiruchirappalli, Tiruchirappalli, Tamil Nadu, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Institute of Technology Tiruchirappalli, Tiruchirappalli, Tamil Nadu, India","institution_ids":["https://openalex.org/I122964287"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5078333353"],"corresponding_institution_ids":["https://openalex.org/I122964287"],"apc_list":null,"apc_paid":null,"fwci":0.4396,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.73197135,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"36","issue":"4","first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.9939013719558716},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6889773011207581},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6212900876998901},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6021662354469299},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.5682651400566101},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.4220251441001892},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.40640246868133545}],"concepts":[{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.9939013719558716},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6889773011207581},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6212900876998901},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6021662354469299},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.5682651400566101},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.4220251441001892},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.40640246868133545}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1988997.1989022","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1988997.1989022","pdf_url":null,"source":{"id":"https://openalex.org/S186921487","display_name":"ACM SIGSOFT Software Engineering Notes","issn_l":"0163-5948","issn":["0163-5948","1943-5843"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGSOFT Software Engineering Notes","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.800000011920929,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W49246925","https://openalex.org/W170643029","https://openalex.org/W1585450198","https://openalex.org/W1742385376","https://openalex.org/W2002716283","https://openalex.org/W2041770128","https://openalex.org/W2065566278","https://openalex.org/W2091618476","https://openalex.org/W2154081981","https://openalex.org/W2615524609","https://openalex.org/W4242216933"],"related_works":["https://openalex.org/W1994712384","https://openalex.org/W4240186231","https://openalex.org/W2354398839","https://openalex.org/W2166844173","https://openalex.org/W2439951656","https://openalex.org/W3170525725","https://openalex.org/W1565457235","https://openalex.org/W2377509977","https://openalex.org/W1573526548","https://openalex.org/W1998188341"],"abstract_inverted_index":{"Kernel":[0,178],"level":[1],"rootkits":[2,83,224,230],"pose":[3],"a":[4,184,232],"serious":[5],"threat":[6],"today":[7],"as":[8,70,133,238],"they":[9],"not":[10],"only":[11,65],"mask":[12,19],"the":[13,20,34,91,94,100,117,122,152,220,262,313,316],"presence":[14],"of":[15,37,61,75,93,125,198,205,207,222,235,244,252,285,305,315],"themselves":[16],"but":[17],"also":[18],"malware":[21],"that":[22,53,191],"comes":[23],"attached":[24],"with":[25],"them.":[26,174],"Rootkits":[27],"achieve":[28],"such":[29,132,237],"stealthy":[30],"behavior":[31,167,251],"by":[32,40,116,307],"manipulating":[33],"control":[35],"flow":[36],"system":[38,102,289,299],"calls":[39],"hooks":[41,241],"and":[42,47,82,84,107,139,146,159,166,186,195,213,216,225,242,260,273,287,300],"kernel":[43,169,240,245,263,308,317],"objects,":[44,246],"viz.,":[45],"driver":[46],"process":[48],"list":[49],"directly.":[50],"Existing":[51],"Antiviruses":[52,77],"rely":[54],"on":[55,99,111,296],"signature":[56],"based":[57,168],"techniques":[58,131],"for":[59,302],"detection":[60,130,197,221,314],"malwares":[62],"are":[63,88,276],"effective":[64],"against":[66,278],"known":[67],"rootkits.":[68,309,318],"However,":[69],"hackers":[71],"change":[72],"coding":[73],"style":[74],"rootkits,":[76],"fail":[78,147],"to":[79,105,148,172,258,282],"detect":[80,259],"them":[81,267],"their":[85],"malicious":[86],"activities":[87],"hidden":[89,223,227],"from":[90,268],"view":[92,164,188,203],"administrator.":[95],"Thus,":[96],"all":[97,108],"data":[98],"compromised":[101],"becomes":[103],"vulnerable":[104],"theft":[106],"services":[109],"running":[110],"it":[112],"can":[113],"be":[114],"misused":[115],"remote":[118],"attacker":[119],"without":[120],"even":[121],"slightest":[123],"chance":[124],"being":[126],"discovered.":[127],"Other":[128],"rootkit":[129,170,199,253],"integrity":[134],"checking,":[135],"alternate":[136],"trusted":[137],"medium,":[138],"memory":[140,274],"dumping":[141],"require":[142],"frequent":[143],"offline":[144],"analysis":[145,194],"unload":[149],"or":[150],"block":[151],"rootkit.":[153],"This":[154,248,291],"paper":[155],"addresses,":[156],"these":[157],"challenges":[158],"proposes":[160],"an":[161],"online":[162,193],"cross":[163,187],"difference":[165,204],"detector":[171],"overcome":[173],"Our":[175],"proposed":[176],"solution":[177,190],"Rootkit":[179],"Trojan":[180],"Detector":[181],"(KeRTD)":[182],"is":[183,254],"host-based":[185],"difference-based":[189],"enables":[192],"aids":[196],"immediately.":[200],"A":[201],"simple":[202],"snapshot":[206],"Task":[208],"manager":[209],"in":[210,256],"user":[211],"mode":[212],"KeRTD":[214,257,286],"Process":[215],"Driver":[217],"List":[218,281],"helps":[219],"other":[226],"malwares.":[228],"All":[229],"follow":[231],"generic":[233,250],"pattern":[234],"infection":[236],"installing":[239],"modification":[243],"etc.":[247],"very":[249],"exploited":[255],"restore":[261],"hooks,":[264],"thus":[265],"blocking":[266],"further":[269],"infection.":[270],"Every":[271],"file":[272],"accesses":[275],"verified":[277],"Access":[279],"Control":[280],"avoid":[283],"subversion":[284],"operating":[288,298],"kernel.":[290],"proposal":[292],"has":[293],"been":[294],"implemented":[295],"windows":[297],"tested":[301],"various":[303],"methods":[304],"attack":[306],"The":[310],"results":[311],"confirm":[312]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2013,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}