Mobile Botnet Attacks - an Emerging Threat: Classification, Review and Open Issues

The rapid development of smartphone technologies has resulted in the evolution of mobile botnets. The implications of botnets have attracted attention from academia and industry alike, including vendors, investors, hackers, and the research community. Above all, the capability of botnets is uncovered through a wide range of malicious activities, such as distributed denial of service (DDoS), theft of business information, remote access, online or click fraud, phishing, malware distribution, spam emails, and building mobile devices for the illegitimate exchange of information and materials. In this study, we investigate mobile botnet attacks by exploring attack vectors and subsequently present a well-defined thematic taxonomy. By identifying the significant parameters from the taxonomy, we compare the effects of existing mobile botnets on commercial platforms as well as open source mobile operating system platforms. The parameters for review include mobile botnet architecture, platform, target audience, vulnerabilities or loopholes, operational impact, and detection approaches. In relation to our findings, research challenges in this domain are then presented.
