Mobile Botnet Classification by using Hybrid Analysis

  • Authors

    • Muhammad Yusof
    • Madihah Mohd Saudi
    • Farida Ridzuan
    2018-10-07
    https://doi.org/10.14419/ijet.v7i4.15.21429
  • Android, Classification Algorithm, Hybrid Analysis, Mobile Botnet.
  • Abstract

    The popularity and adoption of Android smartphones has attracted malware authors to spread the malware to smartphone users. The malware on smartphone comes in various forms such as Trojans, viruses, worms and mobile botnet. However, mobile botnet or Android botnet are more dangerous since they pose serious threats by stealing user credential information, distributing spam and sending distributed denial of service (DDoS) attacks. Mobile botnet is defined as a collection of compromised mobile smartphones and controlled by a botmaster through a command and control (C&C) channel to serve a malicious purpose. Current research is still lacking in terms of their low detection rate due to their selected features. It is expected that a hybrid analysis could improve the detection rate. Therefore, machine learning methods and hybrid analysis which combines static and dynamic analyses were used to analyse and classify system calls, permission and API calls. The objective of this paper is to leverage machine learning techniques to classify the Android applications (apps) as botnet or benign. The experiment used malware dataset from the Drebin for the training and mobile applications from Google Play Store for testing. The results showed that Random Forest Algorithm achieved the highest accuracy rate of 97.9%. In future, more significant approach by using different feature selection such as intent, string and system component will be further explored for a better detection and accuracy rate.

     

  • References

    1. [1] Poonguzhali, P., Dhanokar, P., Chaithanya, M. K., & Patil, M. U. (2016). Secure storage of data on android based devices. Int. Journal Eng. Technology, 8(3), 177–182.

      [2] Gartner Newsroom. (2017). Gartner says worldwide sales of smartphones grew 9 percent in first quarter of 2017, http://www.gartner.com/newsroom/id/3725117.

      [3] Alcatel-Lucent. (2015). Mobile malware: A network view. https://www.blackhat.com/docs/ldn-15/materials/london-15-McNamee-Mobile-Malware-A-Network-View-wp.pdf.

      [4] Lindorfer, M., Volanis, S., Sisto, A., Neugschwandtner, M., Athanasopoulos, E., Maggi, F., Platzer, C., Zanero, S., & Ioannidis, S. (2014). AndRadar: Fast discovery of android applications in alternative markets. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 51-71.

      [5] Lockheimer, H. (2012). Android and security, http://googlemobile.blogspot.my/2012/02/android-and-security.html.

      [6] Oberheide, J. (2012). Dissecting the android bouncer, https://jon.oberheide.org/blog/2012/06/21/dissecting-the-android-bouncer/.

      [7] Percoco, J. & Schulte, S. Adventures in BouncerLand,://media.blackhat.com/bh-us.

      [8] Pieterse, H., & Olivier, M. (2013). Design of a hybrid command and control mobile botnet. Proceedings of the 8th International Conference on Information Warfare and Security, pp. 1-13.

      [9] Geng, G., Xu, G., Zhang, M., Guo, Y., Yang, G., & Cui, W. (2012). The design of SMS based heterogeneous mobile botnet. J. Comput., 7(1), 235–243.

      [10] Feizollah, A., Anuar, N. B., Salleh, R., & Wahab, A. W. A. (2015). A review on feature selection in mobile malware detection. Digit. Investig., 13. 22–37.

      [11] Baskaran, B., & Ralescu, A. (2016). A study of android malware detection techniques and machine learning. Proceedings of the Modern Artificial Intelligence and Cognitive Science Conference, pp. 15–23.

      [12] Egele, M., Scholte, T., Kirda, E., & Kruegel, C. (2012). A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv., 44(2), 1–42.

      [13] Enck, W., Ongtang, M., & McDaniel, P. (2009). On lightweight mobile phone application certification. Proceedings of the 16th ACM Conf. Comput. Commun. Secur., pp. 235–245.

      [14] Yerima, S. Y., Sezer, S., McWilliams, G., & Muttik I. (2013). A new android malware detection approach using Bayesian classification. Proceedings of the IEEE 27th Int. Conf. Adv. Inf. Netw. Appl., pp. 121–128.

      [15] Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., & Weiss, Y. (2012). Andromaly’: A behavioral malware detection framework for android devices. J. Intell. Inf. Syst., 38(1), 161–190.

      [16] Burguera, I., Zurutuza, U., & Nadjm-Tehrani, S. (2011). Crowdroid: Behavior-based malware detection system for android. Proceedings of the 1st ACM Work. Secur. Priv. smartphones Mob. Devices, pp. 1-11.

      [17] Dini, G., Martinelli, F., Saracino, A., & Sgandurra, D. (2012). MADAM: A multi-level anomaly detector for android malware. Lect. Notes Comp. Sc. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), 7531, 240–253.

      [18] Yuan, Z., Lu, Y., Wang, Z., & Xue, Y. (2014). Droid-Sec: Deep learning in android malware detection. Proceedings of the ACM conference on SIGCOMM, pp. 371–372.

      [19] Spreitzenbarth, M., Schreck, T., Echtler, F., Arp, D., & Hoffmann, J. (2014). Mobile-Sandbox: combining static and dynamic analysis with machine-learning techniques. Int. J. Inf. Secur., 14(2), 141–153.

      [20] Pieterse, H. & Olivier, M. S. (2012). Android botnets on the rise: Trends and characteristics. Proceedings of the IEEE Information Security for South Africa, pp. 1-5.

      [21] Karim, A., Ali Shah, S. A., & Salleh, R. (2014). Mobile botnet attacks: A thematic taxonomy. In A. Rocha, A. Correia, F. Tan, & K. Stroetmann (Eds.), New Perspectives in Information Systems and Technologies. Cham: Springer, pp. 153–164.

      [22] Kadir, F. A., Stakhanova, N., & Ghorbani, A. A. (2015). Android Botnets: What URLs are telling us. Proceedings of the 9th International Conference, Network and System Security, pp. 78–91.

      [23] Pieterse, H. & Burke, I. (2015). Evolution study of android botnets. Proceedings of the 10th International Conference on Cyber Warfare and Security, pp. 232–240.

      [24] Choi, B., Choi, S. K., & Cho, K. (2013). Detection of mobile botnet using VPN. Proceedings of the 7th Int. Conf. Innov. Mob. Internet Serv. Ubiquitous Comput., pp. 142–148.

      [25] Abdullah, Z., Saudi, M. M., & Nor Badrul, A. (2017). ABC: Android botnet classification using feature selection and classification algorithms. Adv. Science Letter, 23(5), 4717–4720.

      [26] Tansettanakorn, C., Thongprasit, S., Thamkongka, S., & Visoottiviseth, V. (2016). ABIS: A prototype of Android Botnet Identification System. Proceedings of the 5th ICT Int. Student Proj. Conf. ICT, pp. 1–5

      [27] Karim, A., Salleh, R., & Shah, S. A. A. (2015). DeDroid: A mobile botnet detection approach based on static analysis. Proceedings of the IEEE 12th Intl Conf Ubiquitous Intell. Comput., pp. 1327–1332.

      [28] Arp, D., Spreitzenbarth, M., Malte, H., Gascon, H., & Rieck, K. (2014). Drebin: Effective and explainable detection of android malware in your pocket. Proceedings of the Symp. Netw. Distrib. System Security, pp. 23–26.

      [29] Yusof, M., Saudi, M. M., & Ridzuan, F. (2017). A New Mobile Botnet Classification based on Permission and API Calls. Seventh International Conference on Emerging Security Technologies, pp. 122–127.

      [30] Li, Z., Sun, L., Yan, Q., Srisa-an, W., & Chen, Z. (2017). DroidClassifier: Efficient adaptive mining of application-layer header for classifying android malware. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 198, 597–616.

      [31] Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y. van der Venn, V., & Platzer, C. (2014). ANDRUBIS - 1,000,000 apps later: A view on current android malware behaviors. Proceedings of the 3rd Int. Work. Build. Anal. Datasets Gather. Exp. Returns Secur., pp. 3–17.

      [32] Talha, K. A., Alper, D. I., & Aydin, C. (2015). APK auditor: Permission-based Android malware detection system. Digit. Investig., 13, 1–14.

      [33] VirusTotal. Free online virus, malware and URL scanner, https://www.virustotal.com/.

      [34] ApkTool. (n.d.). A tool for reverse engineering Android apk files, https://ibotpeaches.github.io/Apktool/.

      [35] Pxb1988. dex2jar - Tools to work with android .dex and java .class files, https://sourceforge.net/p/dex2jar/wiki/Home/.

      [36] Google. Manifest.permission | Android Developers, https://developer.android.com/reference/android/Manifest.permission.html.

      [37] Chan, P. P. K., & Song, W. (2014). Static detection of android malware by using permissions and API calls. Proceedings of the International Conference on Machine Learning and Cybernetics, pp. 82–87.

      [38] Feizollah, A., Anuar, N. B., Salleh, R., Amalina, F., Ma’arof, R. R., & Shamshirband, S. (2013). A study of machine learning classifiers for anomaly-based mobile botnet detection. Malaysian J. Comput. Sci., 26(4), 251–265.

      [39] Sanz, B., Santos, I., Laorden, C., Ugarte-Pedrero, X., & Bringas, P. G. (2012). On the automatic categorisation of android applications. Proceedings of the IEEE Consum. Commun. Netw., pp. 149–153.

  • Downloads

  • How to Cite

    Yusof, M., Mohd Saudi, M., & Ridzuan, F. (2018). Mobile Botnet Classification by using Hybrid Analysis. International Journal of Engineering & Technology, 7(4.15), 103-108. https://doi.org/10.14419/ijet.v7i4.15.21429

    Received date: 2018-10-09

    Accepted date: 2018-10-09

    Published date: 2018-10-07