Android based Mobile Device Rooting Attack Detection and Response Mechanism using Events Extracted from Daemon Processes

Recently, the number of attacks by malicious application has significantly increased, targeting Android-platform mobile terminal such as Samsung Galaxy Note and Galaxy Tab 10.1. The malicious application can be distributed to currently used mobile devices through open market masquerading as an normal application. An attacker inserts malicious code into an application, which might threaten privacy by rooting attack. Once the rooting attack is successful, malicious code can collect and steal private data stored in mobile terminal, for example, SMS messages, contacts list, and public key certificate for banking. To protect the private information from the malicious attack, malicious code detection, rooting attack detection and countermeasure method are required. To meet this end, this paper investigates rooting attack mechanism for Android-platform mobile terminal. Based on that, this paper proposes countermeasure system that enables to extract and collect events related to attacks occurring from mobile terminal, which contributes to active protection from malicious attacks.

[1]  Yves Le Traon,et al.  Automatically securing permission-based software by reducing the attack surface: an application to Android , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[2]  Jeong-Nyeo Kim,et al.  Rooting attack detection method on the Android-based smart phone , 2011, Proceedings of 2011 International Conference on Computer Science and Network Technology.

[3]  Christopher Krügel,et al.  Challenges for Dynamic Analysis of iOS Applications , 2011, iNetSeC.

[4]  Jean-Pierre Seifert,et al.  pBMDS: a behavior-based malware detection system for cellphone devices , 2010, WiSec '10.