A Learning Model to Detect Android C&C Applications Using Hybrid Analysis

Abstract

Smartphone devices particularly Android devices are in use by billions of people everywhere in the world. Similarly, this increasing rate attracts mobile botnet attacks which is a network of interconnected nodes operated through the command and control (C&C) method to expand malicious activities. At present, mobile botnet attacks launched the Distributed denial of services (DDoS) that causes to steal of sensitive data, remote access, and spam generation, etc. Consequently, various approaches are defined in the literature to detect mobile botnet attacks using static or dynamic analysis. In this paper, a novel hybrid model, the combination of static and dynamic methods that relies on machine learning to detect android botnet applications is proposed. Furthermore, results are evaluated using machine learning classifiers. The Random Forest (RF) classifier outperform as compared to other ML techniques i.e., Naïve Bayes (NB), Support Vector Machine (SVM), and Simple Logistic (SL). Our proposed framework achieved 97.48% accuracy in the detection of botnet applications. Finally, some future research directions are highlighted regarding botnet attacks detection for the entire community.