Abstract:
Today's threats are complex, multi-module systems that use sophisticated techniques to target and attack vulnerable hosts. The use of rootkits and rootkit techniques in malware and cybercrime is increasing: to remain undetected, malware authors incorporate rootkit components that maximize stealth. The motivation for this research is that the longer malware remains undetected on a compromised machine, the more the cybercriminal can profit. The proposed system therefore focuses on analyzing kernel-level and user-level rootkits for the Windows operating system with the Cuckoo sandbox. The system combines automated and manual analysis to establish which characteristics of each rootkit are significant. The objectives are to identify rootkits by their nature and complexity, and to propose a feature extraction algorithm that improves the detection model. An Effective Malware Feature Extraction Algorithm (EMFEA) is proposed within this framework for detecting future malware in incident handling systems. Moreover, the proposed system categorizes the rootkits by their relevant and prominent features using the hierarchical clustering algorithm in WEKA.
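As an added illustration of the pipeline the abstract describes (sandbox report, feature extraction, hierarchical clustering), the following Python script is not the paper's code and does not implement EMFEA, whose details are not given here. It parses constructed Cuckoo-style reports, turns the Windows API calls each sample made into a binary feature set, and groups the samples with single-linkage agglomerative clustering on Jaccard distance in place of WEKA. The report layout (a `behavior.apistats` section keyed by process id), the sample names and the API call counts are assumptions made up for the example.

```python
"""Added example: Cuckoo-style reports -> API-call feature sets -> hierarchical clustering.

Not the paper's code and not EMFEA; the report layout, sample names and
API counts below are constructed for illustration.
"""
import json
from itertools import combinations

# Constructed reports in the shape of Cuckoo's report.json "behavior.apistats"
# section (process id -> API name -> call count). All values are made up.
SAMPLE_REPORTS = {
    "sample_A": '{"behavior": {"apistats": {"1234": {"NtCreateFile": 3, '
                '"ZwSetSystemInformation": 1, "NtLoadDriver": 1, "RegSetValueExW": 2}}}}',
    "sample_B": '{"behavior": {"apistats": {"2222": {"NtLoadDriver": 1, '
                '"ZwSetSystemInformation": 2, "NtCreateFile": 1, "DeviceIoControl": 4}}}}',
    "sample_C": '{"behavior": {"apistats": {"3333": {"SetWindowsHookExW": 1, '
                '"WriteProcessMemory": 5, "CreateRemoteThread": 1, "NtCreateFile": 2}}}}',
    "sample_D": '{"behavior": {"apistats": {"4444": {"SetWindowsHookExW": 2, '
                '"WriteProcessMemory": 3, "CreateRemoteThread": 2, "RegSetValueExW": 1}}}}',
}


def extract_features(report):
    """Binary feature set: every API name called by any monitored process.

    Call counts are deliberately dropped: for grouping by behaviour, which
    APIs a sample touches (NtLoadDriver for a kernel-mode component,
    SetWindowsHookExW/WriteProcessMemory for user-mode hooking) matters
    more than how often it called them.
    """
    apis = set()
    for per_process in report.get("behavior", {}).get("apistats", {}).values():
        apis.update(per_process.keys())
    return frozenset(apis)


def load_samples(reports=SAMPLE_REPORTS):
    """Parse each JSON report and map sample name -> feature set."""
    return {name: extract_features(json.loads(text)) for name, text in reports.items()}


def jaccard_distance(a, b):
    """1 - |a intersect b| / |a union b|; 0.0 when both sets are empty."""
    union = a | b
    if not union:
        return 0.0
    return 1.0 - len(a & b) / len(union)


def hierarchical_cluster(features, cutoff):
    """Agglomerative single-linkage clustering over name -> feature set.

    Repeatedly merges the two closest clusters (cluster distance = smallest
    pairwise distance between their members) and stops when the closest
    remaining pair is farther apart than `cutoff`.
    """
    clusters = [[name] for name in features]
    while len(clusters) > 1:
        best = None
        for i, j in combinations(range(len(clusters)), 2):
            d = min(jaccard_distance(features[x], features[y])
                    for x in clusters[i] for y in clusters[j])
            if best is None or d < best[0]:
                best = (d, i, j)
        d, i, j = best
        if d > cutoff:
            break
        clusters[i] = clusters[i] + clusters[j]
        del clusters[j]
    return sorted(sorted(c) for c in clusters)


def cluster_reports(cutoff, reports=SAMPLE_REPORTS):
    """Full pipeline: parse reports, extract features, cluster by behaviour."""
    return hierarchical_cluster(load_samples(reports), cutoff)


if __name__ == "__main__":
    for cluster in cluster_reports(cutoff=0.5):
        print(cluster)
```

With a cutoff of 0.5 the two driver-loading samples land in one cluster and the two process-injection samples in another; raising the cutoff to 1.0 collapses everything into a single group, which is the usual trade-off when picking where to cut a dendrogram. On real Cuckoo output the same function runs over `report.json` from each analysis directory, and the feature set would normally be widened beyond API names (dropped files, registry keys, loaded drivers) before clustering.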