Rootkit Detection Algorithm Based On Android System

Posted on: 2014-01-26
Degree: Master
Type: Thesis
Country: China
Candidate: J Y Bai
GTID: 2248330398456097
Subject: Computer application technology

Abstract/Summary:
With the continuous development of smart phone technology and of smart phone operating systems, and with the growing use of intelligent mobile terminals, smart phones have become an important way for people to obtain valuable information and have gradually affected the habits of people's daily lives. Smart phones can run a wide variety of applications, which greatly enriches people's entertainment, but at the same time exposes smart phone users to potential security risks.

Since Google released the Android operating system, Android's market share has continued to rise, and it now occupies the overwhelming majority of the smart phone market. Drawn by the economic benefit, attackers have increasingly targeted the Android system. Although Android is based on the Linux kernel and inherits most of the security strengths and the security framework of Linux, it still has some vulnerabilities. Android applications execute on the Dalvik Virtual Machine (DVM) on top of an embedded Linux kernel. To ensure the security of Android applications, the system restricts each application to its own user identity, so the process spaces of different applications are isolated from and transparent to one another. In addition, Android uses a simple permission-label assignment model to restrict data access and message communication between applications; an application exposes access rights to other applications by modifying its AndroidManifest.xml file.

Among the many well-known attack techniques, the rootkit is the most covert and dangerous: it can secretly modify operating system kernel data, which poses a serious threat to both the computer system and its user. Because Android is based on the Linux kernel, it provides a good platform for studying rootkits.

Taking the Android smart phone operating system as its starting point, this thesis analyzes Android-based rootkits and the details of how they attack, with the goal of detecting Android malware, rootkits in particular. The main contributions are as follows:

A rootkit detection algorithm based on fuzzy pattern recognition is proposed. The algorithm extracts the system call functions used by Android programs, builds fuzzy sets over this feature domain to distinguish benign programs from malicious ones, and classifies the programs in order to detect rootkits.
Keywords/Search Tags: rootkit, android, fuzzy pattern recognition