| 摘要 |
The present invention relates to a method for detecting a rooting attack event on a mobile terminal and, more specifically, to a method for detecting a rooting attack event on a mobile terminal, which is performed by a plurality of mobile terminals based on Android and a server which collects, stores, and analyzes information on events occurring in the mobile terminals. The method comprises: a daemon process executing step of allowing a mobile terminal to monitor services and process information generated in the mobile terminal, allowing the mobile terminal to drive at least one daemon process performing the extraction, collection and analysis of events as a background service, and allowing the mobile terminal to transmit, to a server, event information generated by the mobile terminal; and an event detecting step of allowing the server to collect and store event information generated by each mobile terminal by the daemon process, and allowing the server to detect an event resulting from a rooting attack on each mobile terminal by analyzing the collected event information. Therefore, the present invention can analyze security vulnerabilities of the mobile terminal using an experimental malicious application, can create a monitoring daemon capable of actively dealing with the security vulnerabilities and a print daemon interworking therewith, can allow the server to efficiently detect a malicious code and a rooting attack on each mobile terminal by extracting daemon-based event information, and can prevent a spread of a malicious application through rooting capable of leaking, to an external server, personal information and financial information stored in the mobile terminal. |
