Mobile Botnet Classification by using Hybrid Analysis

Abstract

The popularity and adoption of Android smartphones has attracted malware authors to spread the malware to smartphone users. The malware on smartphone comes in various forms such as Trojans, viruses, worms and mobile botnet. However, mobile botnet or Android botnet are more dangerous since they pose serious threats by stealing user credential information, distributing spam and sending distributed denial of service (DDoS) attacks. Mobile botnet is defined as a collection of compromised mobile smartphones and controlled by a botmaster through a command and control (C&C) channel to serve a malicious purpose. Current research is still lacking in terms of their low detection rate due to their selected features. It is expected that a hybrid analysis could improve the detection rate. Therefore, machine learning methods and hybrid analysis which combines static and dynamic analyses were used to analyse and classify system calls, permission and API calls. The objective of this paper is to leverage machine learning techniques to classify the Android applications (apps) as botnet or benign. The experiment used malware dataset from the Drebin for the training and mobile applications from Google Play Store for testing. The results showed that Random Forest Algorithm achieved the highest accuracy rate of 97.9%. In future, more significant approach by using different feature selection such as intent, string and system component will be further explored for a better detection and accuracy rate.