Vulnerability monitoring mechanism in Android based smartphone with correlation analysis on event-driven activities

The amount of malicious mobile application targeting Android based smartphones has increase rapidly. In addition, these malicious apps are capable of downloading modules from servers which are run by malicious users, meaning that unexpected events can be activated inside of smartphones. Therefore, the attacker can control and get personal information and data stored inside of smartphone illegally. Therefore, it is necessary to monitor several event-driven activities and to detect malicious service for degrading the vulnerability on Android based smartphone. The correlation analysis mechanism is the use of statistical and systemic data to evaluate the relations between several variables. Therefore, we propose vulnerability monitoring mechanism with correlation analysis on event-driven activities in Android platform. In first, the basic activity data set (application integrity information, real-time process list, network connection and activated service list) are constructed as a DB server. And then the event data generated inbound of smartphone are aggregated and updated periodically. Based on these data, correlation analysis process is performed to detect malicious activity such as rooting attack triggered by rootkit for acquisition of administration permission. Therefore, it is useful to decrease a threat by detecting malicious event on Android based smartphones.