Abstract
Android is one of the most secure and widely used operating systems for the mobile platform. Most of the Android devices have the functionality for rooting and installing new custom ROMs and kernels in the device. This feature of the Android devices makes it vulnerable to the kernel-modification advanced persistent threat attack (APT). This type of APT attacks cannot be detected by using existing tools and methods. This paper presents the implementation details of a kernel-modification APT attack performed on an android device and proposes a new method for detecting the same. The proposed system uses control flow analysis of the kernel binary code for detecting APT. In control flow analysis the control flow graph of the genuine kernel is compared with the control flow graph of the device-kernel and detects the APT based on signatures.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Levine, J., Grizzard, J.B., Owen, H.L.: Detecting and categorizing kernel-level rootkits to aid future detection. IEEE Secur. Priv. 4(1), 24–32 (2006)
You, D.H., Noh, B.N.: Android platform based linux kernel rootkit. In: 2011 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 79–87. IEEE (2011)
Isohara, T., Takemori, K., Kubota, A.: Kernel-based behavior analysis for android malware detection. In: 2011 Seventh International Conference on Computational Intelligence and Security (CIS), pp. 1011–1015. IEEE (2011)
Liu, K., Tan, H.B.K., Chen, X.: Binary code analysis. Computer 46(8), 60–68 (2013)
Bergeron, J., Debbabi, M., Erhioui, M.M., Ktari, B.: Static analysis of binary code to isolate malicious behaviors. In: Proceedings of the IEEE 8th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 1999), pp. 184–189. IEEE (1999)
Rubanov, V.V., Shatokhin, E.A.: Runtime verification of linux kernel modules based on call interception. In: 2011 IEEE Fourth International Conference on Software Testing, Verification and Validation (ICST), pp. 180–189. IEEE (2011)
Xda developers: compiled mkbootimg and unpack/repack linux scripts for boot.img. http://forum.xda-developers.com/nexus-s/development/hack-compiled-mkbootimg-unpack-repack-t891333 (2016). Accessed 01 June 2016
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Anto, A., Rao, R.S., Pais, A.R. (2017). Kernel Modification APT Attack Detection in Android. In: Thampi, S., MartÃnez Pérez, G., Westphall, C., Hu, J., Fan, C., Gómez Mármol, F. (eds) Security in Computing and Communications. SSCC 2017. Communications in Computer and Information Science, vol 746. Springer, Singapore. https://doi.org/10.1007/978-981-10-6898-0_20
Download citation
DOI: https://doi.org/10.1007/978-981-10-6898-0_20
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-6897-3
Online ISBN: 978-981-10-6898-0
eBook Packages: Computer ScienceComputer Science (R0)