Domain Ontology to Distinguish Different Types of Rootkits

  • ahmad salahi ITRC
  • Javad Enayatizadeh Information Security Department Research Institute for ICT Tehran, Iran
Keywords: Ontology, Rootkit, Malware, Security


Rootkit is an auxiliary tool for sniffing, stealing and hiding, so it has become the key component in almost all successful attacks. Analysis of rootkits will provide system administrators and security software managers the ability to detect and prevent a computer being compromised. Ontology will provide detailed conceptualization to represent the rootkit concepts and its relationships to other security concepts in cyber-attack domain. In this paper we presented an ontology for rootkits which contains many concepts relating to security, cyber-attacks and operating systems. We divided rootkits according to four attributes, and expanded the ontology for rootkits accordingly. This ontology can be used to distinguish different types of rootkits.


Download data is not yet available.

Author Biographies

ahmad salahi, ITRC

Ahmad Salahi  received M.SC. from Tehran university in 1970, M.S. from Kansas University, Lawrence Kansas in 1974, and Ph.D. from Purdue uiversity, West Lafayette,Indiana,U.S.A. in 1979 all in electrical engineering. He is currently an associate professor in Iranian Research Institute for ICT (ex. ITRC). His research interests are network security, switching and routing.

Javad Enayatizadeh, Information Security Department Research Institute for ICT Tehran, Iran

Javad Enayatizadeh received Master degree in Information Technology from Iran university of science & technology in 2010. His main interest is in programming software that focuses on network.


[1] H. Thimbleby, S. Anderson, P. Cairns, “A Framework for Modeling Trojans and Computer Virus Infections,” The Computer Journal, vol. 41, no.7 pp. 444-458, 1998.
[2] A. G´ omez-P´ erez, M. Fern´ andez-L´ opez, and O. Corcho, ntological Engineering, 1st ed. London: Springer, 2004.
[3] Gruber, T., Towards Principles for the Design of Ontologies used for Knowledge Sharing. International Journal of Human -Computer Studies, 1995. 43(5/6): p.907 -928.
[4] Tala Tafazzoli and Seyed Hadi Sadjadi. Malware fuzzy ontology for semantic web. IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.7, July 2008.
[5] Manuel Corregedor and Sebastiaan Von Solms, Implementing Rootkits to Address Operating System Vulnerabilities
[6] Andrew Simmonds, Peter Sandilands, and Louis van Ekert, An ontology for network security attacks, RAID 2003, LCNS 2820, Springer-Verlag,2003.
[7] Kim, A, Luo, J & Kang, M 2005 ‘Security Ontology for Annotating Resources’, paper presented to the 4th International Conference on Ontologies, Databases, and Applications of Semantics, ODBASE 2005.
[8] Denker, G, Nguyen, S & Ton, A 2004 ‘OWL-S Semantics of Security Web Services: a Case Study’, paper presented to SRI International, Menlo Park, California, USA.
[9] John D. Howard, Thomas A. Longstaff, A common language for computer security incidents, Sandia National Laboratories, Sandia Report, 1998.
[10] Hsiu-Sen Chiang, Woei-Jiunn Tsaur, Ontology-based Mobile Malware Behavioral Analysis
[11] A Complex Malware for Targeted Attacks". Budapest University of Technology and Economics. 28 May 2012. Archived from the original on 30 May 2012. Retrieved 29 May 2012.
[12] Flamer/sKyWIper Malware: Analysis. FireEye. Archived from the original on 31 May 2012. Retrieved 31 May 2012.
[13] [12] M. Christodorescu, S. Jha, S.A. Seshia, D. Song, and R.E. Bryant,“Semantics-aware malware detection,” in Proc. the IEEE Symposium on Security and Privacy, Oakland, California, pp. 32-46, May 2005.
[14] [13] J. A. Morales, P. J. Clarke, Y. Deng, and B. M. Golam Kibria,“Testing and evaluating virus detectors for handheld devices”,Journal in Computer Virology, vol. 2, no. 2, pp. 135- 147, 2006.
[15] E. Lacombe, F. Raynal, V. Nicomette, Rootkit modeling and experiments under Linux, Journal in Computer Virology, vol. 4, no. 2, 2008, pp:137-157.
[16] Jianxiong Wang,” A Rule-based Approach for Rootkit Detection”,The 2nd IEEE International Conference on Information Management and Engineering (ICIME), Pp. 405 – 408,2010.
[17] Detectors' Vulnerabilities Using a New Woei-Jiunn Tsaur and Yuh-Chen,” Exploring Rootkit Windows Hidden Driver Based Rootkit”, IEEE Second International Conference on Social Computing (SocialCom), pp.842-848,2010.
[18] Shu Zhou and Chenglong,” A Windows Rootkit Detection Method Based on Cross-View”, International Conference on E-Product E-Service and E-Entertainment (ICEEE),pp.1 - 3,2010.
[19] Endong Wang, Long Xin, Zhongyuan Wu, Weiqing Dong and Xiaoshe Dong,” KVM-based Detection of Rootkit Attacks “,International Conference on Intelligent Networking and Collaborative Systems (INCoS), PP. 703 – 708,2011.
[20] Hai Bi, “Anti-rootkit Technology of Kernel Integrity Detection and Restoration”, International Conference on Network Computing and Information Security (NCIS), Pp. 276 – 278,2011.
[21] Watters, P. ; Xinwen Wu ,” RBACS: Rootkit Behavioral Analysis and Classification System”, Third International Conference on Knowledge Discovery and Data Mining,pp.78- 80,2010
[22] Yu-Jie Hao, Yan Zhang, Zhi-Peng Lu and Rui Zhang ,”A New Malware Detection Method based on Raw Information”, International Conference on Computing and Intelligence Analysis, pp- 307 - 310,2008.
[23] Jun Han ,”Security Attack Ontology for Web Services”, Second International Conference on Semantics, Knowledge and Grid,pp.42-50,2008. Sacco, Anibal; Ortéga, Alfredo (2009-06-01). "Persistent BIOS Infection: The Early Bird Catches the Worm". Phrack. 66 (7). Retrieved 2010-11 -13.
[24] Sacco, Anibal; Ortéga, Alfredo (2009-06-01). "Persistent BIOS Infection: The Early Bird Catches the Worm". Phrack. 66 (7). Retrieved 2010-11 -13.
[25] and-trojans
[26] Protégé
[27] Feilmayr, Christina; Wöß, Wolfram (2016). "An analysis of ontologies and their success factors for application to business". Data & Knowledge Engineering: 1 –23. Retrieved 23 May 2017
[28] Ontology Evaluation and Ranking using OntoQA - IEEE Xplore ...,
Domain Ontology to Distinguish Different Types of Rootkits
How to Cite
salahi, ahmad, & Enayatizadeh, J. (2018, February 17). Domain Ontology to Distinguish Different Types of Rootkits. International Journal of Information & Communication Technology Research, 9(3), 17-24. Retrieved from
Information Technology