Kernel rootkit prevention model using multiclass

Suresh Kumar Srinivasan, Sudalaimuthu Thalavaipillai

Abstract


Rootkit malware is a set of programmes that lets a malicious party gain access to a computer network or application. Kernel rootkits use covert methods to conceal kernel components, control structures and system activities, which makes identifying or blocking their presence on the target machine difficult. The bulk of rootkit detection and prevention techniques in use today are specific to one system and depend on known sources, so they are ineffective against new, evolving, concealed or unnamed rootkits. This study proposes the kernel rootkit prevention model using multiclass (KRPMM) system, which identifies hash values to detect and prevent such rootkits. A file downloaded by a client using the service is not admitted directly into the client's cloud node; it is redirected to a separate node, where the newly arrived file is examined by a program specially coded to test for the presence of a rootkit, after which the file is classified as either malicious or clean and free of rootkits. KRPMM was tested on only 64 rootkits.
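The abstract says the quarantine node checks a downloaded file's hash values (the keywords name MD5 and SHA-256) before admitting it. The following is an added illustration of that screening step, not code from the paper or the KRPMM authors: it hashes a file in chunks, compares both digests against a denylist, and returns a verdict. The "rootkit" sample, the clean file and the denylist are all constructed inline for the example; no real sample hashes are used, and the denylist is built by hashing the constructed sample at runtime. The last case shows the caveat a defender should keep in mind with hash-based matching: a single byte change produces an unknown hash, which is why such a model only catches the samples it was trained or tested on.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed inputs for the example (hypothetical, not real malware or real files).
SAMPLE_ROOTKIT = b"\x7fELF" + b"constructed kernel module sample for the example" * 4
CLEAN_FILE = b"%PDF-1.4 constructed clean document for the example" * 4


def file_digests(data: bytes, chunk_size: int = 64 * 1024) -> dict:
    """Compute MD5 and SHA-256 of a file's bytes, feeding both hashes chunk by chunk
    so the same loop works for large downloads read from a stream."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        md5.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def build_denylist(samples) -> tuple:
    """Derive the MD5 and SHA-256 denylists from known-bad samples.
    Here the only sample is the constructed one above."""
    md5_set, sha256_set = set(), set()
    for sample in samples:
        d = file_digests(sample)
        md5_set.add(d["md5"])
        sha256_set.add(d["sha256"])
    return md5_set, sha256_set


DENY_MD5, DENY_SHA256 = build_denylist([SAMPLE_ROOTKIT])


@dataclass
class Verdict:
    clean: bool
    reason: str
    digests: dict = field(default_factory=dict)


def screen_download(data: bytes, md5_denylist=None, sha256_denylist=None) -> Verdict:
    """Screening performed on the quarantine node: the file is admitted only if
    neither digest matches a known rootkit. SHA-256 is checked first because MD5
    collisions are practical; an MD5-only hit is still reported as a match."""
    md5_denylist = DENY_MD5 if md5_denylist is None else md5_denylist
    sha256_denylist = DENY_SHA256 if sha256_denylist is None else sha256_denylist
    d = file_digests(data)
    if d["sha256"] in sha256_denylist:
        return Verdict(False, "sha256 matches known rootkit", d)
    if d["md5"] in md5_denylist:
        return Verdict(False, "md5 matches known rootkit", d)
    return Verdict(True, "no hash match", d)


if __name__ == "__main__":
    for label, blob in [
        ("clean file", CLEAN_FILE),
        ("known sample", SAMPLE_ROOTKIT),
        # One appended byte defeats exact-hash matching: the limitation of
        # source-dependent detection that the abstract describes.
        ("known sample + 1 byte", SAMPLE_ROOTKIT + b"\x00"),
    ]:
        v = screen_download(blob)
        print(f"{label:24s} clean={v.clean} ({v.reason}) sha256={v.digests['sha256'][:16]}...")
```

Running the block prints one line per constructed file; the clean file and the modified sample are both reported clean, which is the point of the third case: a hash denylist has no opinion about a file it has never seen, so the model's reported coverage (64 rootkits) bounds what it can catch.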

Keywords


Cloud; File; Malware; Message digest 5; Process; Rootkit; SHA-256


DOI: http://doi.org/10.11591/ijres.v13.i2.pp395-402

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

International Journal of Reconfigurable and Embedded Systems (IJRES)
p-ISSN 2089-4864, e-ISSN 2722-2608
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).