Doug Wampler

Several methods exist for detecting Linux kernel module (LKM) rootkits, most of which rely on a priori system-specific knowledge. We propose an alternative detection technique that only requires knowledge of the distribution of system call addresses in an uninfected system. Our technique relies on outlier analysis, a statistical technique that compares the