research-article

SMS mobile botnet detection using a multi-agent system: research in progress

Authors:
Abdullah J. Alzahrani

University of New Brunswick

University of New Brunswick
View Profile

,
Ali A. Ghorbani

University of New Brunswick

University of New Brunswick
View Profile

ACySE '14: Proceedings of the 1st International Workshop on Agents and CyberSecurityMay 2014Article No.: 2Pages 1–8https://doi.org/10.1145/2602945.2602950

Published:06 May 2014Publication History

ACySE '14: Proceedings of the 1st International Workshop on Agents and CyberSecurity

Pages 1–8

ABSTRACT

With the enormous growth of Android mobile devices and the huge increase in the number of published applications (apps), Short Message Service (SMS) is becoming an important issue. SMS can be abused by attackers when they send SMS spam, transfer all command and control (C&C) instructions, launch denial-of-service (DoS) attacks to send premium-rate SMS messages without user permission, and propagate malware via URLs sent within SMS messages. Thus, SMS has to be reliable as well as secure. In this paper, we propose a SMS botnet detection framework that uses multi-agent technology based on observations of SMS and Android smartphone features. This system detects SMS botnets and identifies ways to block the attacks in order to prevent damage caused by these attacks. An adaptive hybrid model of SMS botnet detectors is being developed by using a combination of signature-based and anomaly-based methods. The model is designed to recognize malicious SMS messages by applying behavioural analysis to find the correlation between suspicious SMS messages and reported profiling. Behaviour profiles of Android smartphones are being created to carry out robust and efficient anomaly detection. A multi-agent system technology was selected to perform light-weight detection without exhausting smartphone resources such as battery and memory.

References

Virus Profile: Android/HippoSMS.A. Available at: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=544065.Google Scholar
Threat Encyclopedia: ANDROIDOS_ADSMS.A. Available at: http://about-threats.trendmicro.com/us/malware/ANDROIDOS_ADSMS.A.Google Scholar
T. Abbes, A. Bouhoula, and M. Rusinowitch. Protocol analysis in intrusion detection using decision tree. In ITCC 2004. Google ScholarDigital Library
T. Almeida, J. M. G. Hidalgo, and T. P. Silva. Towards sms spam filtering: Results under a new dataset. International Journal of Information Security Science, 2(1), 2013.Google Scholar
I. Androulidakis, V. Vlachos, and A. Papanikolaou. Fimess: filtering mobile external sms spam. In Proceedings of the 6th Balkan Conference in Informatics, pages 221--227. ACM, 2013. Google ScholarDigital Library
M. Campbell. Mobile botnets show their disruptive potential. New Scientist, 204(2734):26, 2009.Google ScholarCross Ref
Z. Cheng. A multi-agent security system for android platform. 2012.Google Scholar
G. V. Cormack, J. M. G. Hidalgo, and E. P. Sánz. Feature engineering for mobile (sms) spam filtering. In Conference on Research and development in information retrieval. ACM, 2007. Google ScholarDigital Library
B. Coskun and P. Giura. Mitigating sms spam by online detection of repetitive near-duplicate messages. In Communications (ICC), pages 999--1004. IEEE, 2012.Google ScholarCross Ref
R. Costin, B. Kurt, and M. Denis. Android trojan found in targeted attack. https://www.securelist.com/en/blog/208194186/, 2013.Google Scholar
H. Debar, M. Dacier, and A. Wespi. Towards a taxonomy of intrusion-detection systems. Computer Networks, 31(8):805--822, 1999. Google ScholarCross Ref
G. Dini, F. Martinelli, A. Saracino, and D. Sgandurra. Madam: a multi-level anomaly detector for android malware. In Computer Network Security, pages 240--253. Springer, 2012. Google ScholarDigital Library
N. Eagle and A. Pentland. Reality mining: sensing complex social systems. Personal and ubiquitous computing, 10(4):255--268, 2006. Google ScholarDigital Library
M. D. Fabien Pouget. Alert correlation: Review of the state of the art. Technical Report EURECOM+1271, Eurecom, 12 2003.Google Scholar
D. Geer. Malicious bots threaten network security. Computer. Google ScholarDigital Library
G. Geng, G. Xu, M. Zhang, Y. Guo, G. Yang, and C. Wei. The design of sms based heterogeneous mobile botnet. Journal of Computers, 7(1):235--243, 2012.Google ScholarCross Ref
A. Ghorbani, W. Lu, and M. Tavallaee. Network intrusion detection and prevention: concepts and techniques, volume 47. Springer, 2010. Google ScholarDigital Library
J. M. Gómez Hidalgo, G. C. Bringas, E. P. Sánz, and F. C. García. Content based sms spam filtering. In Proceedings of the 2006 ACM symposium on Document engineering, pages 107--114. ACM, 2006. Google ScholarDigital Library
G. Gu, J. Zhang, and W. Lee. Botsniffer: Detecting botnet command and control channels in network traffic. 2008.Google Scholar
P. He, Y. Sun, W. Zheng, and X. Wen. Filtering short message spam of group sending using captcha. In Knowledge Discovery and Data Mining, pages 558--561. IEEE, 2008. Google ScholarDigital Library
M. Healy, S. J. Delany, and A. Zamolotskikh. An assessment of case base reasoning for short text message classification. In Conference papers, page 42, 2004.Google Scholar
J. Hua and K. Sakurai. A sms-based mobile botnet using flooding algorithm. WISTP'11, pages 264--279, Berlin, Heidelberg, 2011. Springer-Verlag. Google ScholarDigital Library
N. Jiang, Y. Jin, A. Skudlark, and Z.-L. Zhang. Greystar: Fast and accurate detection of sms spam numbers in large cellular networks using grey phone space. In Proceedings of 22nd USENIX Security Symposium, 2013. Google ScholarDigital Library
F. Li, N. Clarke, M. Papadaki, and P. Dowland. Behaviour profiling on mobile devices. In 2010 International Conference on Emerging Security Technologies (EST). IEEE, 2010. Google ScholarDigital Library
W. Liu and T. Wang. Index-based online text classification for sms spam filtering. Journal of Computers, 5(6):844--851, 2010.Google ScholarCross Ref
W. Lu and A. Ghorbani. Botnets detection based on irc-community. In Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE, pages 1--5, 2008.Google ScholarCross Ref
T. M. Mahmoud and A. M. Mahfouz. Sms spam filtering technique based on artificial immune system. IJCSI International Journal of Computer Science Issues, 9(1), 2012.Google Scholar
D. Maslennikov. New zitmo for android and blackberry. http://www.securelist.com/en/blog/208193760/, 2012.Google Scholar
A. Modupe, O. O. Olugbara, and S. O. Ojo. Investigating topic models for mobile short messaging service communication filtering. In Proceedings of the World Congress on Engineering, volume 2, 2013.Google Scholar
C. Mulliner and J.-P. Seifert. Rise of the ibots: Owning a telco network. In Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on, pages 71--80, 2010.Google ScholarCross Ref
J. Networks. Juniper networks third annual mobile threats report, 2013.Google Scholar
A. Nguyen and L. Pan. Detecting sms-based control commands in a botnet from infected android devices. In Proceedings of the 3rd Applications and Technologies in Information Security Workshop, pages 23--27, 2012.Google Scholar
M. Nuruzzaman, C. Lee, and D. Choi. Independent and personal sms spam filtering. In 11th International Conference on Computer and Information Technology (CIT), 2011. Google ScholarDigital Library
P. Porras, H. Saidi, and V. Yegneswaran. An analysis of the ikee.b iphone botnet. In Security and Privacy in Mobile Inf. and Com. Systems. Springer, 2010.Google ScholarCross Ref
M. Z. Rafique and M. Abulaish. Graph-based learning model for detection of sms spam on smart phones. In 8th International Wireless Com. and Mobile Computing Conference. IEEE, 2012.Google ScholarCross Ref
M. Z. Rafique, N. Alrayes, and M. K. Khan. Application of evolutionary algorithms in detecting sms spam at access layer. In GECCO, pages 1787--1794, 2011. Google ScholarDigital Library
M. Z. Rafique and M. Farooq. Sms spam detection by operating on byte-level distributions using hidden markov models (hmms). In Proceedings of the 20th virus bulletin international conference, 2010.Google Scholar
D. Rosenberg. Carrieriq: The real story, 2011.Google Scholar
R. Sadoddin and A. Ghorbani. Alert correlation survey: framework and techniques. In Bridge the Gap Between PST Technologies and Business Services, page 37. ACM, 2006. Google ScholarDigital Library
S. Sarafijanovic and J.-Y. Le Boudec. Artificial immune system for collaborative spam filtering. In Nature Inspired Cooperative Strategies for Optimization. Springer, 2008.Google Scholar
O. Savenko, S. Lysenko, and A. Kryschuk. Multi-agent based approach of botnet detection in computer systems. In Computer Networks, pages 171--180. Springer, 2012.Google Scholar
M.-L. Shyu, S.-C. Chen, K. Sarinnapakorn, and L. Chang. A novel anomaly detection scheme based on principal component classifier. Technical report, DTIC Document, 2003.Google Scholar
L.-P. Song, Z. Jin, and G.-Q. Sun. Modeling and analyzing of botnet interactions. Physica A: Statistical Mechanics and its Applications, 390(2):347--358, 2011.Google ScholarCross Ref
P. Stone and M. Veloso. Multiagent systems: A survey from a machine learning perspective. Autonomous Robots, 8(3):345--383, 2000. Google ScholarDigital Library
T. Strazzere. Zsone trojan found in android market. https://blog.lookout.com/blog/2011/05/11/security-alert-zsone-trojan-found-in-android-market/.Google Scholar
Tilab. Jade - java agent development framework, 2011.Google Scholar
P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta. On cellular botnets: measuring the impact of malicious devices on a cellular network core. In Proceedings of the 16th ACM conference on Computer and communications security, pages 223--234. ACM, 2009. Google ScholarDigital Library
I. Vural and H. S. Venter. Combating mobile spam through botnet detection using artificial immune systems. j-jucs, 18(6):750--774, mar 2012.Google Scholar
W. Wang, I. Murynets, J. Bickford, C. V. Wart, and G. Xu. What you see predicts what you get - lightweight agent-based malware detection. Security and Communication Networks, 6(1):33--48, 2013. Google ScholarDigital Library
N. Weaver, S. Staniford, and V. Paxson. Very fast containment of scanning worms. In Proceedings of the 13th Conference on USENIX Security Symposium. Google ScholarDigital Library
D. D. Wenke Lee, Cliff Wang. Botnet Detection: Countering the Largest Security Threat. Springer US, New York, NY, 2008. Google ScholarDigital Library
M. F. Wood and S. A. DeLoach. An overview of the multiagent systems engineering methodology. In Agent-Oriented Software Engineering, pages 207--221. Springer, 2001. Google ScholarDigital Library
Q. Xu, E. Xiang, J. Du, J. Zhong, and Q. Yang. Sms spam detection using content-less features. 2012.Google Scholar
R. Xu, J. Xu, and D. Wunsch. Clustering with differential evolution particle swarm optimization. In Evolutionary Computation (CEC). IEEE, 2010.Google Scholar
K. Yadav, P. Kumaraguru, A. Goyal, A. Gupta, and V. Naik. Smsassassin: Crowdsourcing driven mobile-based system for sms spam filtering. In Workshop on Mobile Computing Systems and Applications. ACM, 2011. Google ScholarDigital Library
Y. Zeng, K. G. Shin, and X. Hu. Design of sms commanded-and-controlled and p2p-structured mobile botnets. In ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 2012. Google ScholarDigital Library

Index Terms

SMS mobile botnet detection using a multi-agent system: research in progress
1. Computing methodologies
  1. Artificial intelligence
    1. Distributed artificial intelligence
      1. Multi-agent systems
2. Security and privacy
  1. Network security

Recommendations

A Survey of Botnet and Botnet Detection
SECURWARE '09: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies

Among the various forms of malware, botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical ...
Read More
Detection and classification of different botnet C&C channels
ATC'11: Proceedings of the 8th international conference on Autonomic and trusted computing

Unlike other types of malware, botnets are characterized by their command and control (C&C) channels, through which a central authority, the botmaster, may use the infected computer to carry out malicious activities. Given the damage botnets are capable ...
Read More
Detecting botnet by anomalous traffic

Botnets can cause significant security threat and huge loss to organizations, and are difficult to discover their existence. Therefore they have become one of the most severe threats on the Internet. The core component of botnets is their command and ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ACySE '14: Proceedings of the 1st International Workshop on Agents and CyberSecurity
May 2014
70 pages
ISBN:9781450327282
DOI:10.1145/2602945
Conference Chairs:
Natalia Criado
University of Bolton, UK
,
Martin Rehak
Cisco Systems & Czech Technical University of Prague, Czech Republic
,
Jose M. Such
Lancaster University, UK
,
Laurent Vercouter
INSA de Rouen/LITIS lab, France
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 6 May 2014
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
SMS
botnet detection
multi-agent system
smartphone
Qualifiers
- research-article
Conference

Acceptance Rates
ACySE '14 Paper Acceptance Rate10of16submissions,63%Overall Acceptance Rate10of16submissions,63%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 23
  Total Citations
  View Citations
- 574
  Total Downloads
- Downloads (Last 12 months)9
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

SMS mobile botnet detection using a multi-agent system: research in progress

ACySE '14: Proceedings of the 1st International Workshop on Agents and CyberSecurity

ABSTRACT

References

Cited By

Index Terms

Recommendations

A Survey of Botnet and Botnet Detection

Detection and classification of different botnet C&C channels

Detecting botnet by anomalous traffic

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

SMS mobile botnet detection using a multi-agent system: research in progress

ACySE '14: Proceedings of the 1st International Workshop on Agents and CyberSecurity

ABSTRACT

References

Cited By

Index Terms

Recommendations

A Survey of Botnet and Botnet Detection

Detection and classification of different botnet C&C channels

Detecting botnet by anomalous traffic

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media