Kernel-mode rootkits hide objects such as processes and threads using a technique known as Direct Kernel Object Manipulation (DKOM). Many forensic analysis tools attempt to detect these hidden objects by scanning kernel memory with handmade signatures; however, such signatures are brittle and rely on non-essential features of these data structures, making them easy to evade. In this paper, we present an automated mechanism for generating signatures for kernel data structures and show that these signatures are robust: attempts to evade the signature by modifying the structure contents will cause the OS to consider the object invalid. Using dynamic analysis, we profile the target data structure to determine commonly used fields, and we then fuzz those fields to determine which are essential to the correct operation of the OS. These fields form the basis of a signature for the data structure. In our experiments, our new signature matched the accuracy of existing scanners for traditional malware and found processes hidden with our prototype rootkit that all current signatures missed. Our techniques significantly increase the difficulty of hiding objects from signature scanning.
Data mining is widely used to identify interesting, potentially useful and understandable patterns from a large data repository. With many organizations focusing on web-based on-line transactions, the threat of security violations has also increased. Since a database stores valuable information of an application, its security has started getting attention. An intrusion detection system (IDS) is used to detect potential violations in database security. In every database, some of the attributes are considered more sensitive to malicious modifications compared to others. We propose an algorithm for finding dependencies among important data items in a relational database management system. Any transaction that does not follow these dependency rules is identified as malicious. We show that this algorithm can detect modification of sensitive attributes quite accurately. We also suggest an extension to the Entity-Relationship (E-R) model to syntactically capture the sensitivity levels of the attributes.
Background and Objective: Forensic dentistry plays a vital role in detection and resolution of crime, civil proceedings and personal identification. With ever-increasing demands placed upon law enforcement to provide sufficient physical evidence linking a perpetrator to a crime, it makes sense to utilize any type of physical characteristic to identify a suspect of an offense. The least invasive and cost-effective procedure among all methods of human identification is the study of lip prints and fingerprints. This study is done to determine the predominant pattern of fingerprint and lip print in males and females and to correlate it for gender identification. Materials and Methods: The study sample comprised 100 individuals (50 males and 50 females) aged between 20 and 50 years; dark-colored lipstick was applied uniformly on the lips. The glued portion of cellophane tape was dabbed first in the center and then pressed uniformly over the corner of lips. Cellophane tape was then stuck to a white chart sheet for the purpose of permanent record. Lip print patterns were analyzed following the classification of Suzuki and Tsuchihashi. The imprint of left thumb was taken on a white chart sheet using a blue ink stamp pad and visualized using magnifying lens. Fingerprints were analyzed by following the classification given by Kücken. Correlation of lip print and fingerprint was analyzed using Chi-square test. Results: The overall correlation of lip prints with fingerprints in males revealed branched lip pattern associated with whorl fingerprint and in females as vertical lip print pattern associated with loop fingerprint. Conclusion: We conclude that the study between lip print and fingerprint can aid in gender determination.