
Research And Realization On The Attack And Detection Of Rootkit On Android

Posted on: 2017-01-03
Degree: Master
Type: Thesis
Country: China
Candidate: H Z Wang
GTID: 2308330503458992
Subject: Software engineering
Abstract/Summary:
As smart devices become more popular and more important in people's lives, they are becoming the focus of all kinds of information attacks. As the main operating system of smart devices, Android is threatened by a growing amount of malware, of which the most dangerous is the rootkit. This thesis puts forward a new way to implement a rootkit on Android and, based on an analysis of rootkit characteristics, proposes specific ways to detect and defend against rootkits on Android. The focus of the study is a new concealment technique that enhances the hiding ability of a rootkit, together with new detection methods that improve detection efficiency. The main work and results are as follows:

1. Researched the operating principles of Android, including the architecture of the Android system, the working principle and structure of the Android kernel, the virtual file system (VFS) and loadable kernel modules (LKM). VFS and LKM were studied in particular, since they underlie both the implementation and the concealment of a rootkit.

2. Reviewed the history and development of rootkits and studied their theory, characteristics and key techniques, as well as the main concealment and detection methods.

3. Proposed the idea of out-of-band concealment on Android and implemented it successfully. It provides a new way of concealing a rootkit on Android and makes rootkits harder to detect.

4. Proposed obtaining the address of the system call table and of kernel functions by searching for a unique instruction or instruction combination; hid files by hooking the system call table and kernel functions, and verified the effect of the concealment.

5. Put forward specific detection and defense measures aimed at the rootkit's working principle, including restoring the system call table, cleaning all out-of-band data and building a monitoring list of kernel modules. These measures were implemented and tested, and their drawbacks analysed.
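The mechanism behind items 4 and 5 (locating the system call table by an instruction signature, hooking a table entry to hide files, and detecting the hook by restoring the table from a baseline) can be shown end to end in a small user-space model. The following C program is an added illustration written for this page; it is not code from the thesis. The "kernel text", "syscall table" and "directory" are plain arrays, the 4-byte SIGNATURE is a constructed marker standing in for a real instruction sequence (no actual ARM opcode is claimed), the syscall number NR_GETDENTS and the hidden prefix "rk_" are arbitrary, and the directory contents are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Everything below is a user-space simulation: the "syscall table", "kernel text" and
 * "directory" are plain arrays so the mechanism can run without a kernel. */
#define NAME_LEN    32
#define TABLE_SIZE  8
#define NR_GETDENTS 3            /* hypothetical syscall number in the mock table */

typedef int (*syscall_fn)(char out[][NAME_LEN], int max);

/* Constructed directory contents; "rk_payload" is the file the rootkit wants hidden. */
static const char *disk_entries[] = { "init.rc", "rk_payload", "system" };

static int real_getdents(char out[][NAME_LEN], int max) {
    int n = 0;
    for (size_t i = 0; i < sizeof disk_entries / sizeof *disk_entries && n < max; i++)
        snprintf(out[n++], NAME_LEN, "%s", disk_entries[i]);
    return n;
}

static int sys_nop(char out[][NAME_LEN], int max) { (void)out; (void)max; return -1; }

static syscall_fn sys_call_table[TABLE_SIZE] = {
    sys_nop, sys_nop, sys_nop, real_getdents, sys_nop, sys_nop, sys_nop, sys_nop
};

/* sys_call_table is not an exported symbol, so the rootkit locates it by scanning the
 * kernel's exception-handler code for a known instruction sequence that references it.
 * Here that sequence is a constructed 4-byte marker (not a real opcode) followed by the
 * table address, which is what such a scan extracts. */
static const uint8_t SIGNATURE[4] = { 0xC0, 0xDE, 0x5C, 0xA7 };
static uint8_t kernel_text[64];

static void build_mock_kernel_text(void) {
    uintptr_t addr = (uintptr_t)sys_call_table;
    memset(kernel_text, 0x00, sizeof kernel_text);              /* filler bytes */
    memcpy(kernel_text + 20, SIGNATURE, sizeof SIGNATURE);
    memcpy(kernel_text + 20 + sizeof SIGNATURE, &addr, sizeof addr);
}

/* Scan for the unique byte sequence and read the table address stored after it. */
syscall_fn *find_table_by_signature(const uint8_t *text, size_t len) {
    for (size_t i = 0; i + sizeof SIGNATURE + sizeof(uintptr_t) <= len; i++) {
        if (memcmp(text + i, SIGNATURE, sizeof SIGNATURE) == 0) {
            uintptr_t addr;
            memcpy(&addr, text + i + sizeof SIGNATURE, sizeof addr);
            return (syscall_fn *)addr;
        }
    }
    return NULL;
}

/* ---- rootkit side: hook getdents and drop entries carrying the hidden prefix ---- */
static const char HIDDEN_PREFIX[] = "rk_";
static syscall_fn orig_getdents;

static int hooked_getdents(char out[][NAME_LEN], int max) {
    int n = orig_getdents(out, max), kept = 0;
    if (n < 0) return n;
    for (int i = 0; i < n; i++) {
        if (strncmp(out[i], HIDDEN_PREFIX, sizeof HIDDEN_PREFIX - 1) == 0) continue;
        if (kept != i) memcpy(out[kept], out[i], NAME_LEN);
        kept++;
    }
    return kept;
}

/* Returns 0 when the table was found and the hook installed, -1 otherwise. */
int rootkit_install(void) {
    build_mock_kernel_text();
    syscall_fn *table = find_table_by_signature(kernel_text, sizeof kernel_text);
    if (table == NULL) return -1;
    if (table[NR_GETDENTS] == hooked_getdents) return 0;       /* already hooked */
    orig_getdents = table[NR_GETDENTS];
    table[NR_GETDENTS] = hooked_getdents;
    return 0;
}

/* ---- detector side: compare the live table with a clean baseline and restore it ---- */
static syscall_fn baseline[TABLE_SIZE];

void detector_snapshot(void) { memcpy(baseline, sys_call_table, sizeof baseline); }

/* Returns how many entries differed from the baseline and were restored. */
int detector_scan_and_restore(void) {
    int restored = 0;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (sys_call_table[i] != baseline[i]) { sys_call_table[i] = baseline[i]; restored++; }
    return restored;
}

/* What userland sees: every directory listing is dispatched through the table. */
int list_dir(char out[][NAME_LEN], int max) { return sys_call_table[NR_GETDENTS](out, max); }

int main(void) {
    char out[8][NAME_LEN];
    detector_snapshot();                     /* baseline taken while the kernel is clean */
    printf("install: %d\n", rootkit_install());
    int n = list_dir(out, 8);
    printf("hooked listing (%d entries):", n);
    for (int i = 0; i < n; i++) printf(" %s", out[i]);
    printf("\nrestored %d table entries\n", detector_scan_and_restore());
    n = list_dir(out, 8);
    printf("clean listing (%d entries):", n);
    for (int i = 0; i < n; i++) printf(" %s", out[i]);
    printf("\n");
    return 0;
}
```

Two points the model makes visible. First, the baseline must come from a trusted source (a clean boot, or the table reconstructed from the kernel image); a snapshot taken after infection would enshrine the hook. Second, table restoration only catches hooks that replace table entries: a rootkit that instead hooks a kernel function deeper in the VFS path, as item 4 also describes, leaves the table identical to the baseline and goes unnoticed here, which is why the thesis pairs table restoration with out-of-band cleanup and a kernel module monitoring list rather than relying on it alone.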
Keywords/Search Tags: Rootkit, Android, LKM, System Calls, Hook, Out-of-band Concealment