Kernel level rootkit detection method and system in Android system

An Android system and detection method technology, applied in the field of computer security devices, instruments, calculations, etc., to achieve the effect of improving security.

Inactive Publication Date: 2015-05-06
EAST CHINA NORMAL UNIV

AI Technical Summary

Problems solved by technology

Because Android is a mobile phone system, rootkits on it can intercept a large amount of private information, including text messages and photos. At present, no software tools for rootkit detection and protection that fully serve the android pl...

Embodiment Construction

[0076] The present invention is described in further detail below with reference to specific embodiments and the accompanying drawings. Except for the content specifically mentioned below, the process, conditions, experimental methods, etc. for implementing the present invention are common knowledge in this field, and the present invention places no special limitation on them.

[0077] The technical solution of the present invention is based on the Android platform and targets the characteristics of the ARM processor. It avoids the single-approach limitation of traditional detection methods, detects rootkits that have already intruded, and reports rootkits exhibiting illegal behavior, as shown in Figure 1. Specifically, the steps are as follows:

[0078] Step 1: statically obtain the address of the system call table of the system to be detected, and obtain the entries in the system call table;

[0079] Step 2: Use the self-trap instruction SWI to enter the kerne...


Abstract

The invention discloses a kernel level rootkit detection method in an Android system, comprising the following steps: statically obtaining the address and the entries of the system call table; entering kernel mode from user mode; dynamically obtaining the address of the system call table and, if the addresses do not match, generating an intrusion report; obtaining a pure address of the system call table and, if the system call table does not match, generating an intrusion report and restoring; intercepting the module name called by the module loading function, retrieving the dynamically loaded module names and, if the names do not match, deleting the hidden module and generating an intrusion report; obtaining all the process information actually loaded by the system to be detected, obtaining all the process information by a command query and, if the process information does not match, eliminating the malicious processes and generating an intrusion report. The invention also discloses a rootkit detection system, which can detect rootkits that have intruded and delete rootkits exhibiting illegal behavior, so as to improve the safety and reliability of the system.
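The comparisons listed in the abstract can be modelled in user space as follows. This is an added example, not code from the patent: the struct, function names, addresses and module names are constructed, and "restoring" is assumed to mean rewriting a hooked slot from the pure copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed demo size; base = table address, entry[] = handler per call. */
#define NR_CALLS 4
struct table_view { uintptr_t base; uintptr_t entry[NR_CALLS]; };
/* -1: table address differs; else count of hooked slots, restored if asked. */
int audit_table(const struct table_view *pure, struct table_view *live,
                int hooked[NR_CALLS], int restore)
{
    int n = 0;
    if (pure->base != live->base)
        return -1;
    for (int i = 0; i < NR_CALLS; i++) {
        if (live->entry[i] == pure->entry[i])
            continue;
        hooked[n++] = i;
        if (restore)
            live->entry[i] = pure->entry[i];
    }
    return n;
}
/* Cross-view check for modules or processes: names in the actual view that
 * the query command does not report are hidden. Returns how many. */
int hidden_names(const char *const actual[], int na,
                 const char *const queried[], int nq, const char *hidden[])
{
    int n = 0;
    for (int i = 0; i < na; i++) {
        int seen = 0;
        for (int j = 0; j < nq && !seen; j++)
            seen = strcmp(actual[i], queried[j]) == 0;
        if (!seen)
            hidden[n++] = actual[i];
    }
    return n;
}

/* Constructed sample data: slot 2 is hooked and one module is hidden. */
const struct table_view PURE = {0xc000e000u, {0xc0010100u, 0xc0010200u, 0xc0010300u, 0xc0010400u}};
struct table_view LIVE = {0xc000e000u, {0xc0010100u, 0xc0010200u, 0xbf000040u, 0xc0010400u}};
const char *const LOADED[] = {"wlan", "sample_hidden_mod", "bluetooth"};
const char *const LISTED[] = {"wlan", "bluetooth"};
int main(void)
{
    int hooked[NR_CALLS];
    const char *hidden[3];
    printf("hooked=%d ", audit_table(&PURE, &LIVE, hooked, 1));
    printf("hidden=%d\n", hidden_names(LOADED, 3, LISTED, 2, hidden));
    return 0;
}
```

The same `hidden_names` comparison serves the process step: pass the processes actually present as `actual` and the command-query output as `queried`.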

Description

Technical field

[0001] The invention belongs to the technical field of computer security, and in particular relates to a kernel-level rootkit detection method in an Android system and a system thereof.

Background technique

[0002] With the development of information technology, smartphones have become widespread, and phones running the Android operating system in particular have taken the mainstream market. The Android system architecture is divided into Applications, Application Framework, Libraries, Android Runtime and the Linux kernel. The bottom layer of Android is the Linux kernel, which operates the hardware devices directly and provides low-level services to the operating system, such as process scheduling, memory management, network management and the related hardware driver modules. Because the source code is open, traditional rootkit malware has also been ported to Android phones and has grown rapidly. Rootkit has strong concealment, can hide proc...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566, G06F21/568
Inventor: 刘云鹏, 徐文超, 杨雁峰, 费凡, 汤俊, 杨艳琴
Owner EAST CHINA NORMAL UNIV