ABSTRACT
With the enormous growth of Android mobile devices and the huge increase in the number of published applications (apps), Short Message Service (SMS) is becoming an important issue. SMS can be abused by attackers when they send SMS spam, transfer all command and control (C&C) instructions, launch denial-of-service (DoS) attacks to send premium-rate SMS messages without user permission, and propagate malware via URLs sent within SMS messages. Thus, SMS has to be reliable as well as secure. In this paper, we propose an SMS botnet detection framework that uses multi-agent technology based on observations of SMS and Android smartphone features. This system detects SMS botnets and identifies ways to block the attacks in order to prevent the damage they cause. An adaptive hybrid model of SMS botnet detectors is being developed using a combination of signature-based and anomaly-based methods. The model is designed to recognize malicious SMS messages by applying behavioural analysis to find the correlation between suspicious SMS messages and reported profiling. Behaviour profiles of Android smartphones are being created to carry out robust and efficient anomaly detection. A multi-agent system technology was selected to perform lightweight detection without exhausting smartphone resources such as battery and memory.
Index Terms
- SMS mobile botnet detection using a multi-agent system: research in progress