Browsing by Subject "Stealth"

Filter results by typing the first few letters
Now showing 1 - 2 of 2
  • Thumbnail Image
    ItemOpen Access
    Ghostware and rootkit detection techniques for windows
    (2006) Bozağaç, Cumhur Doruk
    Spyware is a significant problem for most computer users. In public, the term spyware is used with the same meaning as adware, a kind of malicious software used for showing advertisements to the user against his will. Spyware programs are also known for their tendency to hide their presence, but advanced stealth techniques used to be either nonexistent or relatively primitive in terms of effectiveness. In other words, most of the spyware programs were efficient at spying but not very efficient at hiding. This made spyware easily detectable with simple file-scanning and registry-scanning techniques. New spyware programs have merged with rootkits and gained stealth abilities, forming spyware with advanced stealth techniques. In this work we focus on this important subclass of spyware, namely ghostware. Ghostware programs hide their resources from the Operating System Application Programming Interfaces that were designed to query and enumerate them. The resources may include files, Windows Registry entries, processes, and loaded modules and files. In this work, we enumerated these hiding techniques and studied the stealth detection methodologies. We also investigated the effectiveness of the hiding techniques against popular anti-virus programs and anti-spyware programs together with publicly available ghostware detection and rootkit detection tools. The results show that, anti-virus programs or anti-spyware programs are not effective for detecting or removing ghostware applications. Hidden object detection or rootkit detection tools can be useful, however, these tools can only work after the computer is infected and they do not provide any means for removing the ghostware. As a result, our work shows the need for understanding the potential dangers and applications of ghostware and implementing new detection and prevention tools.
  • Thumbnail Image
    ItemOpen Access
    Validation through comparison: measurement and calculation of the bistatic radar cross section of a stealth target
    (Wiley-Blackwell Publishing, Inc., 2003) Gürel, Levent; Bağcı, H.; Castelli, J. C.; Cheraly, A.; Tardivel, F.
    Bistatic radar cross section (BRCS) values of a stealth airborne target are predicted by performing both scaled-model measurements and numerical simulations. In order to achieve the solution of large-scale electromagnetic problems in the numerical simulation environment, the fast multipole method (FMM) is implemented and used. The FMM has produced remarkably accurate results, in addition to its efficiency. The efficiency of the FMM is due to its reduced computational complexity and memory requirement, which are both O(N1.5). Comparison of the measured and computed BRCS values has resulted in a striking agreement, which serves to validate both of the prediction techniques.