Proposed ApplicableFramework for Extracting Rootkits Features and Clustering through Dynamic Analysis for Incident Handling Systems

Abstract

Today’s threats have become complex multi-module systems using sophisticated techniques to target and attack vulnerable systems. The use of rootkits and rootkit technologies in malware and cybercrime is increasing. To remain undetected, malware creators incorporate rootkit components to maximize their stealth capabilities. The main reason to develop this research is the longer the malware can remain undetected on a compromised machine, the more the cybercriminal can profit. Therefore, the proposed system will focus on analyzing the kernel and user level rootkits based on Window operating system with Cuckoo sandbox. This system performs automated and manual analysis for ensuring the important of their characteristics. The objectives are to identify the rootkits based on their natures and complexity, and to propose feature extraction algorithm for improving the detection model.Effective MalwareFeature Extraction Algorithm(EMFEA) is proposed in this framework for detecting the future malware in Incident Handling Systems. Moreover, the proposed system categorizes the rootkits based on their relevant and prominent features by using Hierarchical Clustering algorithm in WEKA.