Go home now Header Background Image
Submission Procedure
share: |
Follow us
Volume 22 / Issue 4

available in:   PDF (637 kB) PS (652 kB)
Similar Docs BibTeX   Write a comment
Links into Future
DOI:   10.3217/jucs-022-04-0567


On the Analysis and Detection of Mobile Botnet Applications

Ahmad Karim (University of Malaya, Malaysia)

Rosli Salleh (King Saud University, Saudi Arabia)

Muhammad Khurram Khan (King Saud University, Saudi Arabia)

Aisha Siddiqa (University of Malaya, Malaysia)

Kim-Kwang Raymond Choo (University of South Australia, Australia)

Abstract: Mobile botnet phenomenon is gaining popularity among malware writers in order to exploit vulnerabilities in smartphones. In particular, mobile botnets enable illegal access to a victim's smartphone, can compromise critical user data and launch a DDoS attack through Command and Control (C&C). In this article, we propose a static analysis approach, DeDroid, to investigate botnet-specific properties that can be used to detect mobile applications with botnet intensions. Initially, we identify critical features by observing code behavior of the few known malware binaries having C&C features. Then, we compare the identified features with the malicious and benign applications of Drebin dataset. The results show against the comparative analysis that, Drebin dataset has 35% malicious applications which qualify as botnets. Upon closer examination, 90% of the potential botnets are confirmed as botnets. Similarly, for comparative analysis against benign applications having C&C features, DeDroid has achieved adequate detection accuracy. In addition, DeDroid has achieved high accuracy with negligible false positive rate while making decision for state-of-the-art malicious applications.

Keywords: botnet detection, botware, malware, mobile botnet, mobile malware detection

Categories: D.4.6, K.6.5, L.4