Concepedia

Publication | Closed Access

Neural Network Analysis of System Call Timing for Rootkit Detection

Citations: 20 | References: 15 | Year: 2016

Abstract

In the realm of cybersecurity, rootkits pose a credible threat to individuals, corporations, and governments. Through various techniques, rootkits are not only able to infect computer systems, but are often able to remain undetected in a host for an extended amount of time by manipulating system software. The purpose of this paper is to describe what rootkits are, how they operate, and how they relate to other types of malware. Historical data and statistics will be presented in order to show how rootkits have been employed in cyber attacks. Different types of rootkits, including user, kernel, and hypervisor rootkits, will be described, as well as the various methods used to defend against rootkits. We will then present a case study where neural networks were used to analyze the behavior of a system both not infected and infected with a rootkit, and categorize the resulting system calls as anomalous or not.
