Real-time signature-based detection approach for SMS botnet

Abstract

As an open platform for mobile electronic devices, Android is experiencing a steady growth in the number of published applications (apps). Features of the Android platform have caught the attention of malicious users who have targeted the Short Message Service (SMS) to abuse its permissions. Various types of attack, referred to as botnets, can be executed without the user's knowledge by taking advantage of SMS messages, such as sending text message spam, transferring all command and control (C&C) instructions, launching denial-of-service (DoS) attacks, sending premium-rate SMS messages, or distributing malicious applications via URLs embedded in text messages. In this paper, we propose a real-time signature-based detection mechanism to combat SMS botnets, in which we first apply pattern-matching detection approaches for incoming and outgoing SMS text messages, and then use rule-based techniques to label unknown SMS messages as suspicious or normal. This approach was evaluated using over 12,000 test messages. It was able to detect all 747 malicious SMS messages in the dataset (100% detection rate with no false negatives). It also flagged 351 SMS messages as suspicious.