SMSBotHunter: A Novel Anomaly Detection Technique to Detect SMS Botnets

Over the past few years, botnets have emerged as one of the most serious cybersecurity threats faced by individuals and organizations. After infecting millions of servers and workstations worldwide, botmasters have started to develop botnets for mobile devices. Mobile botnets use different mediums to communicate with their botmasters. Although significant research has been done to detect mobile botnets that use the Internet as their command and control (C&C) channel, little research has investigated SMS botnets per se. In order to fill this gap, in this paper, we first divide SMS botnets based on their characteristics into three families, namely, info stealer, SMS stealer, and SMS spammer. Then, we propose SMSBotHunter, a novel anomaly detection technique that detects SMS botnets using textual and behavioral features and one-class classification. We experimentally evaluate the detection performance of SMSBotHunter by simulating the behavior of human users and SMS botnets. The experimental results demonstrate that most of the SMS messages sent or received by info stealer and SMS spammer botnets can be detected using textual features exclusively. It is also revealed that behavioral features are crucial for the detection of SMS stealer botnets and will improve the overall detection performance.
