Abstract
A Rootkit is a malicious software that damages the operating system at user and kernel levels. A bootkit is a kernel rootkit which affects only the kernel space. The bootkit starts executing as soon as BIOS selects the appropriate boot device which is residing in Master Boot Record (MBR). Main feature of bootkit is that it cannot be easily detected since the existing antivirus solutions start detecting only after the boot process is completed. Currently there is no solution for the detection of bootkit in android operating system. The proposed detection module is deployed to get activated during the booting process itself. This detection technique is not only useful for detecting android bootkit but also useful for detecting any kind of illegal process which gets activated during the booting of android operating system. The proposed solution was tested by implementing a bootkit attack program and found to detect and kill the malicious process that got activated by the attack, during boot process.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Rootkits, Part 1 of 3: The growing threat: McAfee (2006)
Security Alert: New Android Malware — DKFBootKit — Moves Towards the First Android BootKit (March 29, 2012), http://research.nq.com/
UEFI architecture, http://www.itsec.it/2012/09/18/uefi-technology-say-hello-to-the-windows-8-bootkit/#prettyPhoto
Kumar, N., Kumar, V.: Vbootkit: Compromising Windows Vista Security. In: Black Hat Europe 2007, Blackhat 2007 (2007)
600% rise in malicious apps: Study. The Times of India (June 27, 2013)
Kim, T.Y., Song, H.J., Park, J.H., Lee, B., Lim, K.Y.: Android Anatomy - Episode1 – The Init Process: Special Edition (2011)
The Android Init Language, https://android.googlesource.com/platform/system/core/+/android-2.2.3_r2/init/readme.txt
Android Open Source Project, http://android.source.com/
Android App Development, http://developer.android.com/
Rao, H., Selvakumar, S.: M. Tech. Phase II Thesis Report, Department of Computer Science and Engineering, National Institute of Technology, Tiruchirappalli (May 2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Rao, H., Selvakumar, S. (2014). A Kernel Space Solution for the Detection of Android Bootkit. In: Satapathy, S., Avadhani, P., Udgata, S., Lakshminarayana, S. (eds) ICT and Critical Infrastructure: Proceedings of the 48th Annual Convention of Computer Society of India- Vol I. Advances in Intelligent Systems and Computing, vol 248. Springer, Cham. https://doi.org/10.1007/978-3-319-03107-1_77
Download citation
DOI: https://doi.org/10.1007/978-3-319-03107-1_77
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03106-4
Online ISBN: 978-3-319-03107-1
eBook Packages: EngineeringEngineering (R0)