Detecting Mobile Botnets Through Machine Learning and System Calls Analysis

G.T.C., V.G.T. C. ; Barbon, S. B. ; Miani, R. M. ; Rodrigues, J. R. ; Zarpelão, B. Z.

Detecting Mobile Botnets Through Machine Learning and System Calls Analysis, Proc IEEE Communications Society IEEE International Conference on Communications ICC, Paris, France, May, 2017.

Botnets have been a serious threat to Internet security. With their constant sophistication and resilience, a new trend has emerged, shifting botnets from the traditional desktop to the mobile environment. As in the desktop domain, detecting mobile botnets is essential to minimize the threat that they pose. Among the diverse set of strategies applied to detect these botnets, the ones that show the best and most generalized results involve discovering patterns in their anomalous behavior. In the mobile botnet field, one way to detect these patterns is by analyzing the operation parameters of this kind of application. In this paper, we present an anomaly-based and host-based approach to detect mobile botnets. The proposed approach uses machine learning algorithms to identify anomalous behaviors in statistical features extracted from system calls. Using a self-generated dataset containing 13 families of mobile botnets and legitimate applications, we were able to test the performance of our approach in a close-to-reality scenario. The proposed approach achieved great results, including low false positive rates and high true detection rates.