Detecting mobile botnets through machine learning and system calls analysis

Botnets have been a serious threat to the Internet security. With the constant sophistication and the resilience of them, a new trend has emerged, shifting botnets from the traditional desktop to the mobile environment. As in the desktop domain, detecting mobile botnets is essential to minimize the threat that they impose. Along the diverse set of strategies applied to detect these botnets, the ones that show the best and most generalized results involve discovering patterns in their anomalous behavior. In the mobile botnet field, one way to detect these patterns is by analyzing the operation parameters of this kind of applications. In this paper, we present an anomaly-based and host-based approach to detect mobile botnets. The proposed approach uses machine learning algorithms to identify anomalous behaviors in statistical features extracted from system calls. Using a self-generated dataset containing 13 families of mobile botnets and legitimate applications, we were able to test the performance of our approach in a close-to-reality scenario. The proposed approach achieved great results, including low false positive rates and high true detection rates.

[1]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[2]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[3]  Ronaldo M. Salles,et al.  Botnets: A survey , 2013, Comput. Networks.

[4]  Ali A. Ghorbani,et al.  Detecting P2P botnets through network behavior analysis and machine learning , 2011, 2011 Ninth Annual International Conference on Privacy, Security and Trust.

[5]  Chin-Tser Huang,et al.  Using anomaly detection based techniques to detect HTTP-based botnet C&C traffic , 2016, 2016 IEEE International Conference on Communications (ICC).

[6]  Simin Nadjm-Tehrani,et al.  Crowdroid: behavior-based malware detection system for Android , 2011, SPSM '11.

[7]  Ali A. Ghorbani,et al.  Android Botnets: What URLs are Telling Us , 2015, NSS.

[8]  Rosli Salleh,et al.  SMARTbot: A Behavioral Analysis Framework Augmented with Machine Learning to Identify Mobile Botnet Applications , 2016, PloS one.

[9]  Jens Myrup Pedersen,et al.  An efficient flow-based botnet detection using supervised machine learning , 2014, 2014 International Conference on Computing, Networking and Communications (ICNC).

[10]  M. Eslahi,et al.  MoBots: A new generation of botnets on mobile devices and networks , 2012, 2012 International Symposium on Computer Applications and Industrial Electronics (ISCAIE).

[11]  Sateesh K. Peddoju,et al.  Behaviour analysis of machine learning algorithms for detecting P2P botnets , 2013, 2013 15th International Conference on Advanced Computing Technologies (ICACT).