Are mobile botnets a possible threat? The case of SlowBot Net

Given the large-scale diffusion of smartphones and tablets, the possible exploitation of such devices to execute cyber-attacks should be evaluated. This scenario is rarely considered by cyber-criminals, since mobile devices are commonly a target of attacks rather than an exploitable resource. In this paper we analyze the possibility of executing distributed denial of service attacks from mobile phones. We introduce SlowBot Net, a botnet infrastructure designed to involve mobile agents, and we compare it with Low-Orbit Ion Cannon (also called LOIC), a well-known botnet adopted by cyber-hacktivists on the Internet. Results prove that SlowBot Net requires fewer resources from the attacker and that it is effectively deployable on mobile nodes. Since research related to mobile botnets is still immature, the proposed work should be considered a valuable resource enriching the cyber-security field.
