Research on Rootkit Detection Model Based on Intelligent Optimization Algorithm in the Virtualization Environment

In order to solve the problems that the high misjudgment ratio of Rootkit detection and undetectable unknown Rootkit in the virtualization guest operating system, a Rootkit detecting model (QNDRM) based on intelligent optimization algorithm was proposed. The detecting model combines neural network with QPSO, which can take advantage of them. In the actual detection, QNDRM firstly captures the previously selected out Rootkit’s typical characteristic behaviors. And then, the trained system detects the presence of Rootkit. The experimental results show that QNDRM can effectively reduce the misjudgment ratio and detect both known and unknown Rootkit.