An enhanced android botnet detection approach using feature refinement

In recent years, botnets have started to evolve on smartphones and other mobile devices after having an impact on personal computers. A botnet is a network of infected mobile devices, such as smartphones, smart watches and notepads, which are remotely controlled by the bot-herder (botmaster)...

Bibliographic Details
Main Author: Anwar, Shahid
Format: Thesis
Language: English
Published: 2019
Subjects:
Online Access: http://umpir.ump.edu.my/id/eprint/29279/1/An%20enhanced%20android%20botnet%20detection%20approach%20using%20feature%20refinement.wm.pdf
http://umpir.ump.edu.my/id/eprint/29279/
id my.ump.umpir.29279
record_format eprints
spelling my.ump.umpir.29279 2023-02-16T08:17:57Z http://umpir.ump.edu.my/id/eprint/29279/ An enhanced android botnet detection approach using feature refinement Anwar, Shahid QA75 Electronic computers. Computer science 2019-04 Thesis NonPeerReviewed pdf en http://umpir.ump.edu.my/id/eprint/29279/1/An%20enhanced%20android%20botnet%20detection%20approach%20using%20feature%20refinement.wm.pdf Anwar, Shahid (2019) An enhanced android botnet detection approach using feature refinement. PhD thesis, Universiti Malaysia Pahang (Contributors, Thesis advisor: Zolkipli, Mohamad Fadli).
institution Universiti Malaysia Pahang
building UMP Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaysia Pahang
content_source UMP Institutional Repository
url_provider http://umpir.ump.edu.my/
language English
topic QA75 Electronic computers. Computer science
spellingShingle QA75 Electronic computers. Computer science
Anwar, Shahid
An enhanced android botnet detection approach using feature refinement
description In recent years, botnets have started to evolve on smartphones and other mobile devices after having an impact on personal computers. A botnet is a network of infected mobile devices, such as smartphones, smart watches and notepads, which are remotely controlled by the bot-herder (botmaster). Botnets target smartphones and mobile devices that use the Android operating system because of their highly personal and powerful attributes. As a result, an Android botnet can be used to initiate various distributed coordinated attacks, including spam emails, click fraud, bitcoin mining, distributed denial-of-service attacks, disseminating other malware and much more. In order to detect botnet attacks, which cause immense chaos and problems for smartphones, the Android botnet first needs to be analysed. There are three prominent types of botnet analysis, namely static, dynamic and hybrid. Static analysis examines the application code thoroughly, dynamic analysis examines the behaviour of the botware applications, and hybrid analysis is the combination of both. Although the existing analyses have obtained good accuracy, attackers find novel ways of skipping detection while performing harmful activities. Furthermore, the existing detection techniques can detect only malicious Android applications, while they are unable to detect Android botnet applications. The aim of this study is to propose a novel static analysis approach that adopts machine learning techniques to classify botware and benign applications. This classification is performed on the basis of botnet-related unique patterns of additional requested features, namely permissions, activities, broadcast receivers, services and API calls. These features are able to disclose the sensitive information stored on Android mobile devices. The botware applications used in this study, containing 3535 samples, were obtained from the Contagio and Drebin datasets, as well as the benign applications, containing 3500 samples. The obtained results show that using the additional features improved the detection accuracy. The experimental evaluation based on real-world benchmark datasets shows that the selected unique patterns can achieve high detection accuracy with a low false positive rate. The experimental and statistical tests show that the Random Forest classifier achieved 97.28% accuracy, performing well compared to other classification algorithms. Based on the test results, various open research issues that need to be addressed in future studies are highlighted.
format Thesis
author Anwar, Shahid
author_facet Anwar, Shahid
author_sort Anwar, Shahid
title An enhanced android botnet detection approach using feature refinement
title_short An enhanced android botnet detection approach using feature refinement
title_full An enhanced android botnet detection approach using feature refinement
title_fullStr An enhanced android botnet detection approach using feature refinement
title_full_unstemmed An enhanced android botnet detection approach using feature refinement
title_sort enhanced android botnet detection approach using feature refinement
publishDate 2019
url http://umpir.ump.edu.my/id/eprint/29279/1/An%20enhanced%20android%20botnet%20detection%20approach%20using%20feature%20refinement.wm.pdf
http://umpir.ump.edu.my/id/eprint/29279/