Abstract

A mobile botnet is malicious software that, as an advanced form of botnet, can perform destructive functions such as stealing important information, launching Denial of Service attacks, sending malicious code through Short Message Service (SMS), eavesdropping and, more recently, mining cryptocurrency. Hypertext Transfer Protocol (HTTP), SMS, and Bluetooth are three protocols that mobile botnets use to communicate. The Android operating system (OS) has the largest number of users among smartphone operating systems. In addition, it is an open-source OS, which allows attackers to exploit its bugs. However, there is no standard dataset that contains most Android botnet families. Therefore, the present study attempted to create the 28 Standard Android Botnet Dataset (28-SABD). To this end, 14 families of Android botnets comprising 1929 Android applications were used, and their traffic was captured in both execution and background modes. A small percentage of the captured data was labeled by a signature-based method. Then, an ensemble K-Nearest Neighbors (KNN) technique was used to improve the accuracy of the labels assigned by the signature-based method. As a result, a training dataset with reliable labels and a test dataset without labels were created. Finally, the remainder of the captured data (the test dataset) was labeled using an ensemble semi-supervised KNN algorithm and the training dataset. Simulation results also indicated that more than 14 million packets of Android botnet traffic were collected to create 28-SABD. The data were also assigned labels with more than 94% accuracy.
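The labeling pipeline described in the abstract (signature labels, ensemble KNN refinement, then semi-supervised labeling of the remaining traffic) can be sketched as follows. This is an added example, not the authors' code. The two flow features, the voter sizes k = 1, 3, 5, the leave-one-out refinement and the unanimity rule are all assumptions, and the sample flows are constructed.

```python
from collections import Counter
from math import dist

KS = (1, 3, 5)  # assumed ensemble: one KNN voter per neighbourhood size k

def ensemble_vote(train, x, ks=KS):
    """Return (label, agreement): majority label across the voters and its vote share."""
    ranked = sorted(train, key=lambda flow: dist(flow[0], x))
    votes = Counter(
        Counter(lab for _, lab in ranked[:k]).most_common(1)[0][0] for k in ks
    )
    label, n = votes.most_common(1)[0]
    return label, n / len(ks)

def refine_seed_labels(seed, ks=KS):
    """Leave-one-out pass: replace a signature label only when every voter contradicts it."""
    refined = []
    for i, (x, lab) in enumerate(seed):
        voted, agreement = ensemble_vote(seed[:i] + seed[i + 1:], x, ks)
        refined.append((x, voted if agreement == 1.0 else lab))
    return refined

def self_train(train, unlabelled, ks=KS):
    """Label flows in rounds; unanimous votes are adopted first and support later rounds."""
    train, pending, out, rnd = list(train), list(unlabelled), {}, 0
    while pending:
        rnd += 1
        scored = [(x, *ensemble_vote(train, x, ks)) for x in pending]
        adopt = [s for s in scored if s[2] == 1.0] or scored  # else fall back to majority
        for x, lab, _ in adopt:
            out[x] = (lab, rnd)
            train.append((x, lab))
        pending = [x for x in pending if x not in out]
    return out

# Constructed sample flows: (normalised packet rate, normalised mean payload size).
SIGNATURE_LABELLED = [
    ((0.70, 0.30), "botnet"), ((0.82, 0.20), "botnet"), ((0.84, 0.25), "botnet"),
    ((0.90, 0.22), "benign"),  # constructed signature miss inside the botnet cluster
    ((0.28, 0.70), "benign"), ((0.26, 0.74), "benign"),
    ((0.10, 0.80), "benign"), ((0.15, 0.78), "benign"),
]
UNLABELLED = [(0.60, 0.40), (0.80, 0.24), (0.20, 0.75), (0.50, 0.49)]

if __name__ == "__main__":
    training = refine_seed_labels(SIGNATURE_LABELLED)
    for flow, (label, rnd) in self_train(training, UNLABELLED).items():
        print(flow, label, "round", rnd)
```

On this sample the refinement pass corrects the missed signature label, and the flow at (0.50, 0.49) only reaches a unanimous vote in the second round, once the nearby flow at (0.60, 0.40) has been adopted into the training set.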
