{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T04:30:42Z","timestamp":1772166642828,"version":"3.50.1"},"reference-count":25,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,11,25]],"date-time":"2023-11-25T00:00:00Z","timestamp":1700870400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,11,25]],"date-time":"2023-11-25T00:00:00Z","timestamp":1700870400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cloud Comp"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The rootkit industry has advanced significantly in the last decade. Attackers want to leave a backdoor for quick reoccurring exploits rather than launching the traditional one-time worm\/virus attacks. Meanwhile, as intrusion detection technologies improve, rootkits have grown in popularity. For the attackers to succeed, stealth becomes critical. The primary function of rootkits is to provide stealth. The modifications a rootkit makes conceal the presence of a rootkit. Determining the presence of mutation rootkits was quite challenging. Attackers can silently alter volatile (processes) and non-volatile (files) with the aid of rootkits without being noticed. We suggested the VKRHPDV (Volatile Kernel Rootkit Hidden Process Detection) framework to find the hidden techniques. This system includes process monitors, process comparison analysts, and contaminated process data gathering. Process monitoring is nothing more than clean process collection in the absence of rootkits, whereas pure process collection has been corrupted by rootkit injection. 
The process analyzer compares clean and tainted processes, some of which were concealed. VKRHPDV can identify process hiding behaviors in all datasets in the shortest period, according to the findings of an extensive performance analysis carried out on 64 rootkit datasets for each UNIX and Windows kernel in a cloud environment.<\/jats:p>","DOI":"10.1186\/s13677-023-00549-w","type":"journal-article","created":{"date-parts":[[2023,11,25]],"date-time":"2023-11-25T01:01:27Z","timestamp":1700874087000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Volatile Kernel Rootkit hidden process detection in cloud computing"],"prefix":"10.1186","volume":"12","author":[{"given":"Suresh Kumar","family":"S","sequence":"first","affiliation":[]},{"given":"Sudalai Muthu","family":"T","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,11,25]]},"reference":[{"key":"549_CR1","doi-asserted-by":"publisher","first-page":"108394","DOI":"10.1016\/j.comnet.2021.108394","volume":"198","author":"D Tian","year":"2021","unstructured":"Tian D, Ying Q, Jia X, Ma R, Hu C, Liu W (2021) MDCHD: a novel malware detection method in cloud using hardware trace and deep learning. Computer Networks 198:108394. https:\/\/doi.org\/10.1016\/j.comnet.2021.108394. (ISSN 1389-1286)","journal-title":"Computer Networks"},{"issue":"2","key":"549_CR2","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1109\/TDSC.2015.2443803","volume":"14","author":"HHIKYBB MoonLeeHeoKimPaekKang","year":"2017","unstructured":"MoonLeeHeoKimPaekKang HHIKYBB (2017) Detecting and preventing kernel rootkit attacks with bus snooping. IEEE Transactions on Dependable and Secure Computing 14(2):145\u2013157. 
https:\/\/doi.org\/10.1109\/TDSC.2015.2443803","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"549_CR3","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1109\/ICECE56287.2022.10048623","volume-title":"\"Detecting Kernel Rootkits in a Virtualized Infrastructure with Low-Level Architectural Features,\" 2022 IEEE 5th International Conference on Electronics and Communication Engineering (ICECE), Xi'an, China","author":"H Zhou","year":"2022","unstructured":"Zhou H, Fei C, Ni L, Wu B, Li G, Han K (2022) \u201cDetecting Kernel Rootkits in a Virtualized Infrastructure with Low-Level Architectural Features,\u201d 2022 IEEE 5th International Conference on Electronics and Communication Engineering (ICECE), Xi\u2019an, China. pp 244\u2013247. https:\/\/doi.org\/10.1109\/ICECE56287.2022.10048623"},{"key":"549_CR4","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/ICCD46524.2019.00012","volume-title":"\"Stealthy Rootkits in Smart Grid Controllers,\" 2019 IEEE 37th International Conference on Computer Design (ICCD), Abu Dhabi, United Arab Emirates","author":"P Krishnamurthy","year":"2019","unstructured":"Krishnamurthy P, Salehghaffari H, Duraisamy S, Karri R, Khorrami F (2019) \u201cStealthy Rootkits in Smart Grid Controllers,\u201d 2019 IEEE 37th International Conference on Computer Design (ICCD), Abu Dhabi, United Arab Emirates. pp 20\u201328. https:\/\/doi.org\/10.1109\/ICCD46524.2019.00012"},{"key":"549_CR5","doi-asserted-by":"publisher","first-page":"25696","DOI":"10.1109\/ACCESS.2022.3155695","volume":"10","author":"X Xing","year":"2022","unstructured":"Xing X, Jin X, Elahi H, Jiang H, Wang G (2022) A malware detection approach using autoencoder in deep learning. IEEE Access 10:25696\u201325706. https:\/\/doi.org\/10.1109\/ACCESS.2022.3155695","journal-title":"IEEE Access"},{"key":"549_CR6","doi-asserted-by":"publisher","unstructured":"I. Kuzminykh and M. 
Yevdokymenko, \"Analysis of Security of Rootkit Detection Methods,\" 2019 IEEE International Conference on Advanced Trends in Information Theory (ATIT), Kyiv, Ukraine, 2019, pp. 196-199, https:\/\/doi.org\/10.1109\/ATIT49449.2019.9030428","DOI":"10.1109\/ATIT49449.2019.9030428"},{"key":"549_CR7","doi-asserted-by":"crossref","unstructured":"Mohammadhadi Alaeiyan, Saeed Parsa, Mauro Conti, \u201cAnalysis and classification of context-based malware behavior\u201d, Computer Communications, volume 136, February 2019, Pages 76-90, 10.1016\/j.comcom.2019.01.003.","DOI":"10.1016\/j.comcom.2019.01.003"},{"key":"549_CR8","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1109\/ICAC.2016.46","volume-title":"\"HyperLink: Virtual Machine Introspection and Memory Forensic Analysis without Kernel Source Code,\" 2016 IEEE International Conference on Autonomic Computing (ICAC), Wuerzburg, Germany","author":"J Xiao","year":"2016","unstructured":"Xiao J, Lu L, Wang H, Zhu X (2016) \u201cHyperLink: Virtual Machine Introspection and Memory Forensic Analysis without Kernel Source Code,\u201d 2016 IEEE International Conference on Autonomic Computing (ICAC), Wuerzburg, Germany. pp 127\u2013136. https:\/\/doi.org\/10.1109\/ICAC.2016.46"},{"key":"549_CR9","doi-asserted-by":"publisher","unstructured":"S. Kumar Verma, N. Anjum, A. Sharma and A. Mishra, \"iSIMP with Integrity Validation using MD5 Hash,\" 2021 International Conference on Computational Performance Evaluation (ComPE), Shillong, India, 2021, pp. 094-097, https:\/\/doi.org\/10.1109\/ComPE53109.2021.9752433.","DOI":"10.1109\/ComPE53109.2021.9752433"},{"key":"549_CR10","doi-asserted-by":"publisher","unstructured":"Alshamrani SS. 
Analysis of Machine Learning Based Technique for Malware Identification and Classification of Portable Document Format Files, Hindawi Security and Communication Networks Volume 2022, Article ID 7611741, 10 pages https:\/\/doi.org\/10.1155\/2022\/7611741.","DOI":"10.1155\/2022\/7611741"},{"key":"549_CR11","doi-asserted-by":"crossref","unstructured":"Donghai Tian, Rui Ma, Xiaoqi Jia, and Changzhen Hu, \u201cA Kernel Rootkit Detection Approach based on Virtualization and Machine Learning\u201d IEEE Access PP (99):1-1 July, 2019.","DOI":"10.1109\/ACCESS.2019.2928060"},{"key":"549_CR12","doi-asserted-by":"publisher","unstructured":"Chin-Ling Chen, Supaporn Punya, \u201cAn enhanced WPA2\/PSK for preventing authentication cracking\u201d, The International Journal of Informatics and Communication Technology (IJ-ICT), Vol.10, No.2, August 2021, pp. 85-92, DOI: https:\/\/doi.org\/10.11591\/ijict.v10i2.pp85-92.","DOI":"10.11591\/ijict.v10i2.pp85-92"},{"key":"549_CR13","unstructured":"Sanjay Sharma, C. Ramakrishna and Sanjay K. Sahay, \u201cDetection of Advanced Malware by Machine Learning Techniques\u201d Access AISC, Volume 742, 2019."},{"key":"549_CR14","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2021.107095","volume":"226","author":"T Panker","year":"2021","unstructured":"Panker T, Nissim N (2021) Leveraging malicious behavior traces from volatile memory using machine learning methods for trusted unknown malware detection in Linux cloud environments. Knowl. Based Syst. 226:107095","journal-title":"Knowl. Based Syst."},{"key":"549_CR15","doi-asserted-by":"publisher","unstructured":"Lin Y, Huang S, Hong M, Chen S, Li X, Lin D, \u201cMD5 Encryption Algorithm Enhanced Competitive Swarm Optimizer for Feature Selection,\u201d, (2019) IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA\/BDCloud\/SocialCom\/SustainCom). 
Xiamen, China 2019:1250\u20131254. https:\/\/doi.org\/10.1109\/ISPA-BDCloud-SustainCom-SocialCom48970.2019.00178","DOI":"10.1109\/ISPA-BDCloud-SustainCom-SocialCom48970.2019.00178"},{"key":"549_CR16","first-page":"103151","volume":"67","author":"Q Wang","year":"2022","unstructured":"Wang Q, Qian Q (2022) Malicious code classification based on opcode sequences and textCNN network. J Inf Secur Appl 67:103151","journal-title":"J Inf Secur Appl"},{"key":"549_CR17","first-page":"881","volume-title":"Portable Executable Malware Classifier Using Long Short Term Memory and Sophos-ReversingLabs 20 Million Dataset\u201d, In Proceedings of the TENCON 2021\u20142021 IEEE Region 10 Conference (TENCON), Auckland, New Zealand, 7\u201310 December","author":"JA Diaz","year":"2021","unstructured":"Diaz JA, Bandala A (2021) Portable Executable Malware Classifier Using Long Short Term Memory and Sophos-ReversingLabs 20 Million Dataset\u201d, In Proceedings of the TENCON 2021\u20142021 IEEE Region 10 Conference (TENCON), Auckland, New Zealand, 7\u201310 December. pp 881\u2013884"},{"key":"549_CR18","doi-asserted-by":"publisher","unstructured":"Ullah A, Laassar I, \u015eahin CB, Dinle OB, Aznaoui H, \u201cCloud and internet-of-things secure integration along with security concerns\u201d, International Journal of Informatics and Communication Technology, Vol. 12, No. 1,\u00a0\u00a0https:\/\/doi.org\/10.11591\/ijict.v12i1.pp62-71.","DOI":"10.11591\/ijict.v12i1.pp62-71"},{"key":"549_CR19","doi-asserted-by":"publisher","unstructured":"J. Zhang, F. Zou and J. Zhu, \"Android Malware Detection Based on Deep Learning,\" 2018 IEEE 4th International Conference on Computer and Communications (ICCC), Chengdu, China, 2018, pp. 
2190-2194, doi: https:\/\/doi.org\/10.1109\/CompComm.2018.8781037.","DOI":"10.1109\/CompComm.2018.8781037"},{"key":"549_CR20","first-page":"1011","volume-title":"\u201cMalicious Software Classification using Transfer Learning of ResNet-50 Deep Neural Network.\u201d, In Proceedings of the 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), Cancun, Mexico, 18\u201321 December","author":"E Rezende","year":"2017","unstructured":"Rezende E, Ruppert G, Carvalho T, Ramos F, de Geus P (2017) \u201cMalicious Software Classification using Transfer Learning of ResNet-50 Deep Neural Network.\u201d, In Proceedings of the 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), Cancun, Mexico, 18\u201321 December. pp 1011\u20131014"},{"key":"549_CR21","doi-asserted-by":"publisher","unstructured":"J. Zhao, S. Zhang, B. Liu and B. Cui, \"Malware Detection Using Machine Learning Based on the Combination of Dynamic and Static Features,\" 2018 27th International Conference on Computer Communication and Networks (ICCCN), Hangzhou, China, 2018, pp. 1-6, https:\/\/doi.org\/10.1109\/ICCCN.2018.8487459.","DOI":"10.1109\/ICCCN.2018.8487459"},{"key":"549_CR22","doi-asserted-by":"publisher","unstructured":"J. Zhao, S. Zhang, B. Liu and B. Cui, \"Malware Detection Using Machine Learning Based on the Combination of Dynamic and Static Features,\" 2018 27th International Conference on Computer Communication and Networks (ICCCN), Hangzhou, China, 2018, pp. 1-6, doi: https:\/\/doi.org\/10.1109\/ICCCN.2018.8487459.","DOI":"10.1109\/ICCCN.2018.8487459"},{"key":"549_CR23","doi-asserted-by":"publisher","first-page":"46717","DOI":"10.1109\/ACCESS.2019.2906934","volume":"7","author":"R Vinayakumar","year":"2019","unstructured":"Vinayakumar R, Alazab M, Soman KP, Poornachandran P, Venkatraman S (2019) Robust intelligent malware detection using deep learning. IEEE Access 7:46717\u201346738. 
https:\/\/doi.org\/10.1109\/ACCESS.2019.2906934","journal-title":"IEEE Access"},{"key":"549_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/ICEET53442.2021.9659710","volume-title":"\"A Review on Learning-based Detection Approaches of the Kernel-level Rootkit,\" 2021 International Conference on Engineering and Emerging Technologies (ICEET), Istanbul, Turkey","author":"M Nadim","year":"2021","unstructured":"Nadim M, Akopian D, Lee W (2021) \u201cA Review on Learning-based Detection Approaches of the Kernel-level Rootkit,\u201d 2021 International Conference on Engineering and Emerging Technologies (ICEET), Istanbul, Turkey. pp 1\u20136. https:\/\/doi.org\/10.1109\/ICEET53442.2021.9659710"},{"key":"549_CR25","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1109\/CSCloud.2015.54","volume-title":"\"Detection of Malware and Kernel-Level Rootkits in Cloud Computing Environments,\" 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing, New York, NY, USA","author":"TY Win","year":"2015","unstructured":"Win TY, Tianfield H, Mair Q (2015) \u201cDetection of Malware and Kernel-Level Rootkits in Cloud Computing Environments,\u201d 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing, New York, NY, USA. pp 295\u2013300. 
https:\/\/doi.org\/10.1109\/CSCloud.2015.54"}],"container-title":["Journal of Cloud Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13677-023-00549-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13677-023-00549-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13677-023-00549-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,25]],"date-time":"2023-11-25T01:02:07Z","timestamp":1700874127000},"score":1,"resource":{"primary":{"URL":"https:\/\/journalofcloudcomputing.springeropen.com\/articles\/10.1186\/s13677-023-00549-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,25]]},"references-count":25,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2023,12]]}},"alternative-id":["549"],"URL":"https:\/\/doi.org\/10.1186\/s13677-023-00549-w","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-2315952\/v1","asserted-by":"object"}]},"ISSN":["2192-113X"],"issn-type":[{"value":"2192-113X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,11,25]]},"assertion":[{"value":"26 November 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 November 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 November 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not 
applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"164"}}