Structural analysis and detection of android botnets using machine learning techniques

  • Regular Contribution
International Journal of Information Security

Abstract

Smartphones are now an integral part of our lives, since they give us access to a large variety of services, from personal to banking. The worldwide popularity and adoption of smartphone devices continue to approach the capabilities of traditional computing environments. Malware such as botnets is becoming an emerging threat to users and network operators, especially on popular platforms such as Android. Due to the rapid growth of botnet applications, there is a pressing need to develop an effective solution to detect them. Most existing detection techniques can detect only malicious Android applications; they cannot detect Android botnet applications. In this paper, we propose a structural analysis-based learning framework that adopts machine learning techniques to classify botnet and benign applications, using unique patterns of requested permissions and used features that relate to botnet characteristics. The experimental evaluation, based on real-world benchmark datasets, shows that the selected patterns can achieve high detection accuracy with a low false positive rate. The experimental and statistical tests show that the support vector machine classifier performs well compared to other classification algorithms.

Author information

Corresponding author

Correspondence to G. Kirubavathi.

Cite this article

Kirubavathi, G., Anitha, R. Structural analysis and detection of android botnets using machine learning techniques. Int. J. Inf. Secur. 17, 153–167 (2018). https://doi.org/10.1007/s10207-017-0363-3

  • DOI: https://doi.org/10.1007/s10207-017-0363-3