An enhanced android botnet detection approach using feature refinement

Anwar, Shahid (2019) An enhanced android botnet detection approach using feature refinement. PhD thesis, Universiti Malaysia Pahang (Contributors, Thesis advisor: Zolkipli, Mohamad Fadli).

Abstract

In recent years, botnets have started to evolve on smartphones and other mobile devices after having had an impact on personal computers. A botnet is a network of infected mobile devices, such as smartphones, smart watches and notepads, which are remotely controlled by the bot-herder (botmaster). Botnets target smartphones and mobile devices that use the Android operating system because of their highly personal and powerful attributes. As a result, Android botnets can be used to initiate various distributed coordinated attacks, including spam emails, click fraud, bitcoin mining, distributed denial-of-service attacks, disseminating other malware and much more. To detect botnet attacks, which cause immense chaos and problems for smartphones, Android botnets first need to be analysed. There are three prominent types of botnet analysis, namely static, dynamic and hybrid. Static analysis examines the application code thoroughly, dynamic analysis examines the behaviour of the botware applications, and hybrid analysis is the combination of both. Although the existing analyses have obtained good accuracy, attackers find novel ways of evading detection while performing harmful activities. Furthermore, the existing detection techniques can detect only malicious Android applications and are unable to detect Android botnet applications. The aim of this study is to propose a novel static analysis approach that adopts machine learning techniques to classify botware and benign applications. This classification is performed on the basis of botnet-related unique patterns of additional requested features, namely permissions, activities, broadcast receivers, services and API calls. These features are able to disclose the sensitive information stored on Android mobile devices.
The botware applications used in this study, comprising 3535 samples, were obtained from the Contagio and Drebin datasets, as well as the benign applications, comprising 3500 samples. The results show that using the additional features improved the detection accuracy. The experimental evaluation based on real-world benchmark datasets shows that the selected unique patterns can achieve high detection accuracy with a low false positive rate. The experimental and statistical tests show that the Random Forest machine classifier achieved 97.28% accuracy and performs well compared to other classification algorithms. Based on the test results, various open research issues that need to be addressed in future studies are highlighted.

Item Type: Thesis (PhD)
Additional Information: Thesis (Doctor of Philosophy (Computer Science)) -- Universiti Malaysia Pahang – 2019, SV: ASSOCIATE PROFESSOR TS. DR. MOHAMAD FADLI ZOLKIPLI, NO. CD: 12232
Uncontrolled Keywords: Android botnet; botware applications
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty/Division: Faculty of Computer System And Software Engineering
Institute of Postgraduate Studies
Depositing User: Mrs. Sufarini Mohd Sudin
Date Deposited: 10 Sep 2020 07:37
Last Modified: 16 Feb 2023 08:17
URI: http://umpir.ump.edu.my/id/eprint/29279