Authenticating Service Request in Kernel Mode against Malicious Code

The dominant operating system in the world today is Windows. The Windows architecture has some weaknesses, and rootkit malware uses these weaknesses to gain administrative control of Windows. Rootkit malware refers to software that is used to conceal its presence and permit an attacker to take control of a system, so an attacker can capture the sensitive information present on a system. To reduce the number of rootkit injections, the authors first classify code as legitimate or suspicious using an algorithm. If a process is legitimate, it is directly permitted to obtain system services through ntdll.dll, which acts as the gateway from user mode to kernel mode.

Provided by: The International Journal of Innovative Research in Computer and Communication Engineering; Topic: Software; Date Added: Mar 2014; Format: PDF
