PodBot: A New Botnet Detection Method by Host and Network-Based Analysis

The growing use of smartphones equipped with a variety of sensors makes them an ideal place for criminal activity and attacks such as bots. Unfortunately, existing methods perform detection either by using network traffic alone or by using static analysis alone. This paper introduces a method, with a tool called PODBot, in which detection is based on both application features and network traffic analysis. PODBot was evaluated on a set of botnets of well-known types, and it could accurately detect over 87% in high risk and 96% in very high risk. In addition, in qualitative comparisons on similar tasks, the combination of detection methods gives it features that improve on previous methods.
