ait-aecid/rootkit-detection-ebpf-time-trace
Detection of rootkit file hiding activities through analysis of shifts in kernel function execution times.
This tool helps cybersecurity professionals detect hidden rootkits by analyzing subtle changes in the execution times of kernel functions. It measures the timing of specific kernel activities, such as file enumeration, both with and without rootkit interference. The output is a detection report that indicates the presence of a rootkit based on these timing anomalies.
No commits in the last 6 months.
Use this if you are a security analyst or researcher who needs to identify stealthy rootkit infections by looking for behavioral changes at the kernel level.
Not ideal if you need a plug-and-play antivirus solution or lack experience with Linux kernel environments and security tool configuration.
Stars: 29
Forks: 3
Language: Python
License: GPL-3.0
Last pushed: Sep 10, 2025
Commits (30d): 0