A Kernel Space Solution for the Detection of Android Bootkit
A Rootkit is a malicious software that damages the operating system at user and kernel levels. A bootkit is a kernel rootkit which affects only the kernel space. The bootkit starts executing as soon as BIOS selects the appropriate boot device which is residing in Master Boot Record (MBR). Main feature of bootkit is that it cannot be easily detected since the existing antivirus solutions start detecting only after the boot process is completed. Currently there is no solution for the detection of bootkit in android operating system. The proposed detection module is deployed to get activated during the booting process itself. This detection technique is not only useful for detecting android bootkit but also useful for detecting any kind of illegal process which gets activated during the booting of android operating system. The proposed solution was tested by implementing a bootkit attack program and found to detect and kill the malicious process that got activated by the attack, during boot process.
KeywordsBoot process Init process kernel Rootkit Android OS Bootkit
Unable to display preview. Download preview PDF.
- 1.Rootkits, Part 1 of 3: The growing threat: McAfee (2006)Google Scholar
- 2.Security Alert: New Android Malware — DKFBootKit — Moves Towards the First Android BootKit (March 29, 2012), http://research.nq.com/
- 4.Kumar, N., Kumar, V.: Vbootkit: Compromising Windows Vista Security. In: Black Hat Europe 2007, Blackhat 2007 (2007)Google Scholar
- 5.600% rise in malicious apps: Study. The Times of India (June 27, 2013) Google Scholar
- 6.Kim, T.Y., Song, H.J., Park, J.H., Lee, B., Lim, K.Y.: Android Anatomy - Episode1 – The Init Process: Special Edition (2011)Google Scholar
- 7.The Android Init Language, https://android.googlesource.com/platform/system/core/+/android-2.2.3_r2/init/readme.txt
- 8.Android Open Source Project, http://android.source.com/
- 9.Android App Development, http://developer.android.com/
- 10.Rao, H., Selvakumar, S.: M. Tech. Phase II Thesis Report, Department of Computer Science and Engineering, National Institute of Technology, Tiruchirappalli (May 2013) Google Scholar