[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

Kernel Modification APT Attack Detection in Android

  • Conference paper
  • First Online:
Security in Computing and Communications (SSCC 2017)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 746))

Included in the following conference series:

Abstract

Android is one of the most secure and widely used operating systems for the mobile platform. Most of the Android devices have the functionality for rooting and installing new custom ROMs and kernels in the device. This feature of the Android devices makes it vulnerable to the kernel-modification advanced persistent threat attack (APT). This type of APT attacks cannot be detected by using existing tools and methods. This paper presents the implementation details of a kernel-modification APT attack performed on an android device and proposes a new method for detecting the same. The proposed system uses control flow analysis of the kernel binary code for detecting APT. In control flow analysis the control flow graph of the genuine kernel is compared with the control flow graph of the device-kernel and detects the APT based on signatures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 35.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 44.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Levine, J., Grizzard, J.B., Owen, H.L.: Detecting and categorizing kernel-level rootkits to aid future detection. IEEE Secur. Priv. 4(1), 24–32 (2006)

    Article  Google Scholar 

  2. You, D.H., Noh, B.N.: Android platform based linux kernel rootkit. In: 2011 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 79–87. IEEE (2011)

    Google Scholar 

  3. Isohara, T., Takemori, K., Kubota, A.: Kernel-based behavior analysis for android malware detection. In: 2011 Seventh International Conference on Computational Intelligence and Security (CIS), pp. 1011–1015. IEEE (2011)

    Google Scholar 

  4. Liu, K., Tan, H.B.K., Chen, X.: Binary code analysis. Computer 46(8), 60–68 (2013)

    Article  Google Scholar 

  5. Bergeron, J., Debbabi, M., Erhioui, M.M., Ktari, B.: Static analysis of binary code to isolate malicious behaviors. In: Proceedings of the IEEE 8th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 1999), pp. 184–189. IEEE (1999)

    Google Scholar 

  6. Rubanov, V.V., Shatokhin, E.A.: Runtime verification of linux kernel modules based on call interception. In: 2011 IEEE Fourth International Conference on Software Testing, Verification and Validation (ICST), pp. 180–189. IEEE (2011)

    Google Scholar 

  7. Xda developers: compiled mkbootimg and unpack/repack linux scripts for boot.img. http://forum.xda-developers.com/nexus-s/development/hack-compiled-mkbootimg-unpack-repack-t891333 (2016). Accessed 01 June 2016

Download references

Author information

Authors and Affiliations

  1. Information Security Research Lab, National Institute of Technology, Mangalore, Karnataka, India

    Ajay Anto, R. Srinivasa Rao & Alwyn Roshan Pais

Authors
  1. Ajay Anto
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. R. Srinivasa Rao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alwyn Roshan Pais
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to R. Srinivasa Rao .

Editor information

Editors and Affiliations

  1. Indian Institute of Information Technology and Management Kerala (IIITMK), Trivandrum, Kerala, India

    Sabu M. Thampi

  2. University of Murcia , Murcia, Spain

    Gregorio Martínez Pérez

  3. Federal University of Santa Catarina , Florianópolis, Santa Catarina, Brazil

    Carlos Becker Westphall

  4. RMIT University , Melbourne, Victoria, Australia

    Jiankun Hu

  5. National Sun Yat-sen University , Kaohsiung, Taiwan

    Chun I. Fan

  6. University of Murcia, Murcia, Spain

    Félix Gómez Mármol

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Anto, A., Rao, R.S., Pais, A.R. (2017). Kernel Modification APT Attack Detection in Android. In: Thampi, S., Martínez Pérez, G., Westphall, C., Hu, J., Fan, C., Gómez Mármol, F. (eds) Security in Computing and Communications. SSCC 2017. Communications in Computer and Information Science, vol 746. Springer, Singapore. https://doi.org/10.1007/978-981-10-6898-0_20

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-6898-0_20

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-6897-3

  • Online ISBN: 978-981-10-6898-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation