Abstract
Botnets have traditionally been seen as a threat to personal computers; however, the recent shift to mobile platforms has resulted in a wave of new botnets. Due to its popularity, the Android mobile operating system has become the most targeted platform. In spite of rising numbers, there is a significant gap in understanding the nature of mobile botnets and their communication characteristics. In this paper, we address this gap and provide a deep analysis of Command and Control (C&C) and built-in URLs of Android botnets detected since the first appearance of the Android platform. By combining both static and dynamic analyses with visualization, we uncover the relationships between the majority of the analyzed botnet families and offer an insight into each malicious infrastructure. As a part of this study, we compile and offer to the research community a dataset containing 1929 samples representing 14 Android botnet families.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Abdul Kadir, A.F., Stakhanova, N., Ghorbani, A.A. (2015). Android Botnets: What URLs are Telling Us. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_6
DOI: https://doi.org/10.1007/978-3-319-25645-0_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25644-3
Online ISBN: 978-3-319-25645-0
eBook Packages: Computer Science (R0)