A Study Of Machine Learning Classifiers for Anomaly-Based Mobile Botnet Detection

Mobile devices have become ubiquitous in recent years and are used for far more than making phone calls. Among mobile operating systems, Android is the most popular, largely because it is available as an open source operating system. Given the proliferation of Android malware, it is crucial to identify the classifiers that detect such malware most effectively and accurately, by selecting the most suitable network traffic features and comparing the results comprehensively with related work. This study evaluates five machine learning classifiers: Naive Bayes, k-nearest neighbour, decision tree, multi-layer perceptron, and support vector machine. The evaluation was validated using malware samples from the Android Malware Genome Project, a collection of malware gathered between August 2010 and October 2011 by the University of North Carolina. Among the many available network traffic characteristics, three features were selected: connection duration, TCP size, and the number of GET/POST parameters. The experiments show that k-nearest neighbour gives the best performance of the five classifiers, with a true positive rate as high as 99.94% and a false positive rate of 0.06%.
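The abstract names the three flow features (connection duration, TCP size, number of GET/POST parameters), a k-nearest neighbour classifier, and the true/false positive rates used to judge it, but not how those pieces fit together. The following Python is an added example, not the paper's code, dataset or feature-extraction tooling: it builds the three features from a handful of constructed flow records, runs a hand-written kNN over min-max scaled features (the scaling and k=3 are assumptions; the paper used WEKA-style classifiers), and derives TPR and FPR from the confusion counts. All flow values and labels are constructed for illustration.

```python
"""Added example: three flow features, a kNN classifier, and TPR/FPR scoring.

Constructed data and a hand-written kNN; not the paper's code or dataset.
"""
from collections import Counter
from math import sqrt
from urllib.parse import parse_qsl, urlsplit

# Constructed flow records: (duration_s, tcp_bytes, request_target, post_body, label)
# label 1 = botnet (positive class), 0 = benign. Values are illustrative only.
FLOWS = [
    (12.0, 1500, "/news/today?page=1", "", 0),
    (30.0, 4200, "/search?q=phone&lang=en", "", 0),
    (8.0, 900, "/index.html", "", 0),
    (45.0, 6100, "/login", "user=alice&pw=x&remember=1", 0),
    (0.5, 320, "/gw.php?id=1&v=2&imei=3", "b=4&c=5&d=6", 1),
    (0.8, 290, "/gw.php?id=1&v=2&imei=3&os=4", "b=5&c=6&d=7", 1),
    (0.4, 350, "/gw.php?id=1&v=2", "b=3&c=4&d=5", 1),
    (0.6, 310, "/gw.php?id=1&v=2&imei=3&os=4", "b=5&c=6&d=7&e=8", 1),
]

# Constructed held-out flows in the same format, used to score the classifier.
TEST_FLOWS = [
    (0.7, 300, "/gw.php?id=1&v=2&imei=3", "b=4&c=5&d=6", 1),
    (20.0, 3000, "/news/today?page=2", "", 0),
    (0.45, 330, "/gw.php?id=1&v=2&imei=3&os=4", "b=5&c=6&d=7", 1),
    (25.0, 2800, "/search?q=a&lang=en", "", 0),
]


def count_params(target, body=""):
    """Third feature: number of query-string (GET) plus form-body (POST) parameters."""
    query = urlsplit(target).query
    return len(parse_qsl(query, keep_blank_values=True)) + len(
        parse_qsl(body, keep_blank_values=True)
    )


def features(flow):
    """Map one flow record to the (duration, tcp_size, n_params) feature vector."""
    duration, tcp_bytes, target, body, _label = flow
    return (float(duration), float(tcp_bytes), float(count_params(target, body)))


def fit_scaler(vectors):
    """Per-feature min/max so that byte counts do not dominate Euclidean distance."""
    dims = len(vectors[0])
    lows = [min(v[i] for v in vectors) for i in range(dims)]
    highs = [max(v[i] for v in vectors) for i in range(dims)]
    return lows, highs


def scale(vector, scaler):
    lows, highs = scaler
    return tuple(
        0.0 if highs[i] == lows[i] else (vector[i] - lows[i]) / (highs[i] - lows[i])
        for i in range(len(vector))
    )


def knn_predict(train_x, train_y, x, k=3):
    """Majority vote among the k nearest (scaled Euclidean) training points."""
    dists = sorted(
        (sqrt(sum((a - b) ** 2 for a, b in zip(tx, x))), y)
        for tx, y in zip(train_x, train_y)
    )
    votes = Counter(y for _d, y in dists[:k])
    return votes.most_common(1)[0][0]


def rates(tp, fn, fp, tn):
    """True positive rate (detection rate) and false positive rate (false alarm rate)."""
    tpr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return tpr, fpr


def evaluate(train_flows, test_flows, k=3):
    """Train kNN on train_flows, score test_flows, return the confusion counts and rates."""
    raw_train = [features(f) for f in train_flows]
    scaler = fit_scaler(raw_train)
    train_x = [scale(v, scaler) for v in raw_train]
    train_y = [f[-1] for f in train_flows]
    counts = {"tp": 0, "fn": 0, "fp": 0, "tn": 0}
    for flow in test_flows:
        pred = knn_predict(train_x, train_y, scale(features(flow), scaler), k)
        truth = flow[-1]
        key = ("tp" if pred else "fn") if truth else ("fp" if pred else "tn")
        counts[key] += 1
    counts["tpr"], counts["fpr"] = rates(
        counts["tp"], counts["fn"], counts["fp"], counts["tn"]
    )
    return counts


if __name__ == "__main__":
    print(evaluate(FLOWS, TEST_FLOWS, k=3))
```

The scaling step is the design choice worth noting: without it, the TCP byte count (hundreds to thousands) swamps the parameter count (single digits) in the distance, and the third feature contributes nothing to the vote. A realistic evaluation would also split by application rather than by flow, so that flows from the same sample do not appear on both sides of the split and inflate the measured rates.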
