A Kernel Space Solution for the Detection of Android Bootkit

Abstract

A Rootkit is a malicious software that damages the operating system at user and kernel levels. A bootkit is a kernel rootkit which affects only the kernel space. The bootkit starts executing as soon as BIOS selects the appropriate boot device which is residing in Master Boot Record (MBR). Main feature of bootkit is that it cannot be easily detected since the existing antivirus solutions start detecting only after the boot process is completed. Currently there is no solution for the detection of bootkit in android operating system. The proposed detection module is deployed to get activated during the booting process itself. This detection technique is not only useful for detecting android bootkit but also useful for detecting any kind of illegal process which gets activated during the booting of android operating system. The proposed solution was tested by implementing a bootkit attack program and found to detect and kill the malicious process that got activated by the attack, during boot process.