Mobile Botnet Classification by using Hybrid Analysis

Yusof, Muhammad; Saudi, Madihah Mohd; Ridzuan, Farida

doi:10.14419/ijet.v7i4.15.21429

Cited by 6 publications

(5 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using both permission and API call features, Random Forest obtained the best results with 99.4% TP rate, 16.1% FP rate, 93.2% precision and 99.4% recall. This work was extended in [36] to include system calls and this resulted in improved performance with Random Forest achieving 99.4% TP rate, 12.5% FP rate, 98.2% precision, 99.4% recall and 97.9% accuracy.…”

Section: Botnet Detection On Androidmentioning

confidence: 99%

A Novel Android Botnet Detection System Using Image-Based and Manifest File Features

Yerima

Bashar

2022

Electronics

View full text Add to dashboard Cite

Malicious botnet applications have become a serious threat and are increasingly incorporating sophisticated detection avoidance techniques. Hence, there is a need for more effective mitigation approaches to combat the rise of Android botnets. Although the use of Machine Learning to detect botnets has been a focus of recent research efforts, several challenges remain. To overcome the limitations of using hand-crafted features for Machine-Learning-based detection, in this paper, we propose a novel mobile botnet detection system based on features extracted from images and a manifest file. The scheme employs a Histogram of Oriented Gradients and byte histograms obtained from images representing the app executable and combines these with features derived from the manifest files. Feature selection is then applied to utilize the best features for classification with Machine-Learning algorithms. The proposed system was evaluated using the ISCX botnet dataset, and the experimental results demonstrate its effectiveness with F1 scores ranging from 0.923 to 0.96 using popular Machine-Learning algorithms. Furthermore, with the Extra Trees model, up to 97.5% overall accuracy was obtained using an 80:20 train–test split, and 96% overall accuracy was obtained using 10-fold cross validation.

show abstract

Section: Botnet Detection On Androidmentioning

confidence: 99%

A Novel Android Botnet Detection System Using Image-Based and Manifest File Features

Yerima

Bashar

2022

Electronics

View full text Add to dashboard Cite

show abstract

“…Random Forest obtained the best results. The work was extended in [13] by including system calls in the feature set. The best results obtained were 99.4% TPR, 12.5% FPR, and 97.9% overall accuracy.…”

Section: Related Workmentioning

confidence: 99%

“…understanding permission protection levels). Moreover, our proposed system requires less feature extraction effort compared to the more manual systems presented in [12], [13], [17], [18], [19] and [26] for example. In section III, we describe the proposed system in greater detail.…”

Section: Related Workmentioning

confidence: 99%

A deep learning-enhanced botnet detection system based on Android manifest text mining

Yerima

2022

2022 10th International Symposium on Digital Forensics and Security (ISDFS)

View full text Add to dashboard Cite

Android botnets remain a significant threat to mobile and IoT systems and networks as they continue to infect millions of devices worldwide. Therefore, there is a need to develop more effective solutions to tackle their spread. Hence, in this paper we propose a system for detecting Android botnets through automated text mining of the manifest files obtained from apps. The proposed method utilizes NLP techniques to extract features from the manifest files and a deep learning-based classification model is used to detect botnet applications. The classification model is implemented using CNN and a traditional machine learning classifier such as SVM, Random Forest or KNN. We performed experiments to evaluate the proposed system with 3858 Android applications consisting of 1929 botnet and 1929 benign samples. The results showed the best overall performance with the CNN-SVM hybrid model which had an average accuracy of 96.9% thus outperforming the singular machine learning classifiers.

show abstract

“…Features from permission and API calls which having related with GPS exploitation and the impact to the privacy, financial and system categories were selected during the analysis. Yusof et al listed out the top 20 permission and API calls features that were related with Android botnet and GPS exploitation Yusof, Saudi, et al, 2017b). As a result, from the comprehensive review and analysis, this research selected 12 features for permissions and 30 features for API calls.…”

Section: Datasetmentioning

confidence: 99%

“…Normally, these third-party or unofficial markets provide free, non-paying apps or cheaper apps as compared to Google Play Store. This attracts more users to use the third-party market and thus, it can possibly expose the smartphone users to download and install malicious apps from this market (Yusof, Saudi, & Ridzuan, 2017b). The risk assessment method is needed before the installation for the existing apps or while downloading the apps from third-party markets, to evaluate the reliability of the apps.…”

Section: Introductionmentioning

confidence: 99%

Android Botnet Detection Using Risk Assessment

Yusof¹,

Saudiand²,

Ridzuan³

2018

Proceedings of the 8th International Conference on Research in Engineering, Science and Technology

Self Cite

View full text Add to dashboard Cite

The increasing popularity of Android mobile phones in recent years has attracted the attention of malware developers. Android applications (apps) pose many risks/threats to the user's privacy and system integrity. Currently, permission-based models are used in the Android systems to detect the dangerous apps that possess several weaknesses. In this paper, a new risk assessment method is proposed to evaluate the amount of risk associated with every app in terms of privacy risk, financial risk, and smartphones system risk. It focused on the GPS exploitation for Android botnet detection. The assessment was based on static analysis that used features set permission and API calls. The quantitative calculation model was used as a method to differentiate between the benign and botnet apps. Every app was assessed for risk based on five categories such as Very High, High, Medium, Low and Very Low. Two datasets with 2694 Android botnet samples from Drebin and 774 benign apps from Google Play were used to evaluate the effectiveness of this method. The obtained results demonstrate that the proposed method is good in differentiating the Android botnet and benign apps based on the risk level. This will give a promising impression to the users during apps installation.

show abstract

Mobile Botnet Classification by using Hybrid Analysis

Cited by 6 publications

References 22 publications

A Novel Android Botnet Detection System Using Image-Based and Manifest File Features

A Novel Android Botnet Detection System Using Image-Based and Manifest File Features

A deep learning-enhanced botnet detection system based on Android manifest text mining

Android Botnet Detection Using Risk Assessment

Contact Info

Product

Resources

About