JUCS - Journal of Universal Computer Science 22(4): 567-588, doi: 10.3217/jucs-022-04-0567
On the Analysis and Detection of Mobile Botnet Applications
Ahmad Karim, Muhammad Khurram Khan§, Aisha Siddiqa, Kim-Kwang Raymond Choo|
‡ University of Malaya, Kuala Lumpur, Malaysia; § King Saud University, Riyadh, Saudi Arabia; | University of South Australia, Adelaide, Australia
Open Access
Abstract
The mobile botnet phenomenon is gaining popularity among malware writers as a way to exploit vulnerabilities in smartphones. In particular, mobile botnets enable illegal access to a victim's smartphone, can compromise critical user data, and can launch a DDoS attack through Command and Control (C&C). In this article, we propose a static analysis approach, DeDroid, to investigate botnet-specific properties that can be used to detect mobile applications with botnet intentions. Initially, we identify critical features by observing the code behavior of a few known malware binaries that have C&C features. Then, we compare the identified features with the malicious and benign applications of the Drebin dataset. The comparative analysis shows that 35% of the malicious applications in the Drebin dataset qualify as botnets. Upon closer examination, 90% of the potential botnets are confirmed as botnets. Similarly, in the comparative analysis against benign applications having C&C features, DeDroid has achieved adequate detection accuracy. In addition, DeDroid has achieved high accuracy with a negligible false positive rate when making decisions on state-of-the-art malicious applications.
Keywords
mobile botnet, botnet detection, malware, botware, mobile malware detection