An enhanced android botnet detection approach using feature refinement

In recent years, the botnets have started to evolve in the smartphones and other mobile devices after having an impact on the personal computers. A botnet is a network of infected mobile devices such as smartphones, smart watches, notepads, which are remotely controlled by the bot-herder (botmaster)...

Bibliographic Details
Main Author: Anwar, Shahid
Format: Thesis
Language: English
Published: 2019
Subjects:
Online Access: http://umpir.ump.edu.my/id/eprint/29279/1/An%20enhanced%20android%20botnet%20detection%20approach%20using%20feature%20refinement.wm.pdf
id my-ump-ir.29279
record_format uketd_dc
spelling my-ump-ir.29279 2023-02-16T08:17:57Z An enhanced android botnet detection approach using feature refinement 2019-04 Anwar, Shahid QA75 Electronic computers. Computer science 2019-04 Thesis http://umpir.ump.edu.my/id/eprint/29279/ http://umpir.ump.edu.my/id/eprint/29279/1/An%20enhanced%20android%20botnet%20detection%20approach%20using%20feature%20refinement.wm.pdf pdf en public phd doctoral Universiti Malaysia Pahang Faculty of Computer System & Software Engineering Zolkipli, Mohamad Fadli
institution Universiti Malaysia Pahang Al-Sultan Abdullah
collection UMPSA Institutional Repository
language English
advisor Zolkipli, Mohamad Fadli
topic QA75 Electronic computers. Computer science
description In recent years, botnets have started to evolve on smartphones and other mobile devices after having had an impact on personal computers. A botnet is a network of infected mobile devices, such as smartphones, smart watches and notepads, which are remotely controlled by the bot-herder (botmaster). Botnets target smartphones and mobile devices that use the Android operating system because of their highly personal and powerful attributes. As a result, an Android botnet can be used to initiate various distributed coordinated attacks, including spam emails, click fraud, bitcoin mining, distributed denial of service attacks, disseminating other malware and much more. In order to detect botnet attacks, which cause immense chaos and problems for smartphones, Android botnets first need to be analysed. There are three prominent types of botnet analysis, namely static, dynamic and hybrid. Static analysis examines the application code thoroughly, dynamic analysis examines the behaviours of the botware applications, while hybrid analysis is the combination of both of these analyses. Although the existing analyses have obtained good accuracy, attackers find novel ways of skipping detection while performing harmful activities. Furthermore, the existing detection techniques can detect only malicious Android applications, while they are unable to detect Android botnet applications. The aim of this study is to propose a novel static analysis approach that adopts machine learning techniques to classify botware and benign applications. This classification is performed on the basis of botnet-related unique patterns of additional requested features, namely permissions, activities, broadcast receivers, services and API calls. These features are able to disclose the sensitive information stored on Android mobile devices. The botware applications used in this study, containing 3535 samples, were obtained from the Contagio and Drebin datasets, as well as the benign applications, containing 3500 samples. The obtained results show that the detection accuracy improved by using the additional features. The experimental evaluation based on real-world benchmark datasets shows that the selected unique patterns can achieve high detection accuracy with a low false positive rate. The experimental and statistical tests show that 97.28% accuracy was achieved by the Random Forest machine classifier, which performs well compared to other classification algorithms. Based on the test results, various open research issues which need to be addressed in future studies are highlighted.
format Thesis
qualification_name Doctor of Philosophy (PhD.)
qualification_level Doctorate
author Anwar, Shahid
title An enhanced android botnet detection approach using feature refinement
granting_institution Universiti Malaysia Pahang
granting_department Faculty of Computer System & Software Engineering
publishDate 2019
url http://umpir.ump.edu.my/id/eprint/29279/1/An%20enhanced%20android%20botnet%20detection%20approach%20using%20feature%20refinement.wm.pdf
_version_ 1783732121037176832