SMS-Based Mobile Botnet Detection Framework Using Intelligent Agents


  • Abdullah J. Alzahrani Assistant Professor at The College of Computer Science and Engineering (CCSE), University of Hail (UOH), Saudi Arabia
  • Ali A. Ghorbani Professor and Dean, Director, Canadian Institute for Cybersecurity, Canada Research Chair in Cybersecurity, Faculty of Computer Science, University of New Brunswick, Canada



SMS, mobile botnet, intrusion detection, Android malware, multi-agent system


Along with increasing security measures in Android platforms, the amount of Android malware that use remote exploits has grown significantly. Using mobile botnets, attackers concentrate on reliable attack vectors such as SMS messages. Short Message Service (SMS) has been increasingly targeted by a number of malicious applications (“apps”) that have the ability to abuse SMS features in order to send spam, to transfer command and control (C&C) instructions, to distribute malicious applications via URLs embedded in text messages, to send text messages to premium-rate numbers, and to exploit smartphones. In this paper, we propose an SMS-based botnet detection formwork that uses multi-agent technology based on observations of SMS and Android smartphone features. This formwork has the ability to detect SMS botnets and identify ways to block the attacks in order to prevent damage caused by botnet attacks. We developed an adaptive hybrid model of SMS botnet detectors by using a combination of signature-based and anomaly-based algorithms. These components utilize multi-agent technology to recognize malicious SMS and prevent users from opening these messages that infecting smartphones. This framework includes defence module that employed a more proactive approach that allows us to directly generate signatures and rules that can be used to protect Android smartphones from abuse by SMS botnets. The framework creates a user profile that is used to perform behavioural profiling analysis in order to identity malicious SMS and cut the C&C Channel.



Download data is not yet available.

Author Biographies

Abdullah J. Alzahrani, Assistant Professor at The College of Computer Science and Engineering (CCSE), University of Hail (UOH), Saudi Arabia

A. J. Alzahrani is assistant professor at the college of computer science and engineering (CCSE), University of Hail (UOH), Saudi Arabia. He earned his Ph.D. from the faculty of Computer Science, University of New Brunswick, Canada in October 2016. His research interests include botnet detection, Android security, network security, malware analysis and reverse engineering. Dr. Alzahrani was the project manager for the Smart Campus at King Saud University, Riyadh, Saudi Arabia. Dr. Alzahrani received the Saudi Arabian Cultural Bureau’s Academic Excellence Award in Ph.D. Program 2016 and the Saudi Arabian Cultural Mission’s Academic Excellence Award in Master Program 2008. He received the Lawrence Technological University’s Academic Honor Award in Master Program 2008. Dr. Alzahrani is a member of the IEEE, a member of the ACM, and Canadian Information Processing Society. He is a member of the Information Security Centre of Excellence, University of New Brunswick. He is member of Saudi Security group (Hemaya), Riyadh, Saudi Arabia.

Ali A. Ghorbani, Professor and Dean, Director, Canadian Institute for Cybersecurity, Canada Research Chair in Cybersecurity, Faculty of Computer Science, University of New Brunswick, Canada

A. A. Ghorbani has held a variety of positions in academia for the past 35 years and is currently the Canada Research Chair (Tier 1) in Cybersecurity, the Dean of the Faculty of Computer Science, and the Director of the Canadian Institute for Cybersecurity. He is the co-inventor on 3 awarded patents in the area of Network Security and Web Intelligence and has published over 200 peer-reviewed articles during his career. He has supervised over 160 research associates, postdoctoral fellows, graduate and undergraduate students during his career. His book, Intrusion Detection and Prevention Systems: Concepts and Techniques, was published by Springer in October 2010. In 2007, Dr. Ghorbani received the University of New Brunswick’s Research Scholar Award. Dr. Ghorbani has developed a number of technologies that have been adopted by high-tech companies. He co-founded two startups, Sentrant and EyesOver in 2013 and 2015. Dr. Ghorbani is the Co-Editor-In-Chief of Computational Intelligence Journal. He was twice one of the three finalists for the Special Recognition Award at the 2013 and 2016 New Brunswick KIRA award for the knowledge industry.


Aggarwal, C. C., and Zhai, C. (2012). “A survey of text clustering algorithms,” in Mining Text Data, eds C. C. Aggarwal and C. X. Zhaipages (New York, NY: Springer), 77–128.

Aguero, J., Rebollo, M., Carrascosa, C., and Julián, V. (2010). “Developing intelligent agents on the android platform,” in Proceedings of Seventh Asia Joint Conference on Information Security, (Washington, DC: IEEE).

Alam, M., Cheng, Z., and Vuong, S. (2014). “Context-aware multi-agent based framework for securing android,” in Proceedings of International Conference on Multimedia Computing and Systems, (Washington, DC: IEEE), 961–966.

Almeida, T. A., Hidalgo, J. M. G., and Silva, T. P. (2013). Towards sms spam filtering: results under a new dataset. Int. J, Inform. Sec. Sci. 2:1–18.

Bellifemine, F., Caire, G., Poggi, A., and Rimassa, G. (2008). Jade: a software framework for developing multi-agent applications. lessons learned. Inform. Soft. Technol. 50:10–21.

Bergenti, F., Caire, G., and Gotta, D. (2014). “Agents on the move: Jade for android devices,”. In Proceedings of 2014 Workshop From Objects to Agents. (New York, NY: ACM).

Chen, T., and Kan, M.-Y. (2013). Creating a live, public short message service corpus: the nus sms corpus. Lang. Resour. Eval. 47, 299–335.

Cheng, Z. (2012). A Multi-Agent Security System for Android Platform. Master’s thesis, University of British Columbia, Vancouver, BC.

Cuppens, F., and Miege, A. (2002). “Alert correlation in a cooperative intrusion detection framework,” in Proceedings of 2002 IEEE Symposium on Security and Privacy, (Washington, DC: IEEE) 202–215.

Delany, S. J., Buckley, M., and Greene, D. (2012). Sms spam filtering: methods and data. Exp. Syst. With Appl. 39, 9899–9908.

Geng, G., Xu, G., Zhang, M., Guo, Y., Yang, G., and Wei, C. (2012). The design of sms based heterogeneous mobile botnet. J. Comput. 7, 235–243.

Hua, J., and Sakurai, K. (2011). “A sms-based mobile botnet using flooding algorithm,” in Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication, (New York, NY: Springer), 264–279.

Kok, J., and Kurz, B. (2011). “Analysis of the botnet ecosystem,” in Proceedings of the 10th Conference of Telecommunication, Media and Internet Techno-Economics (CTTE), (Berlin: VDE), 1–10.

Larsen, B., and Aone, C. (1999). “Fast and effective text mining using linear-time document clustering,” in Proceedings of the Fifth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, New York, NY: ACM.

Li, Y., Zhai, L., Wang, Z., and Ren, Y. (2013). Control Method of Twitter and SMS-Based Mobile Botnet. Berlin: Springer.

Mulliner, C., and Seifert, J.-P. (2010). “Rise of the ibots: owning a telco network,” in Proceedings of the 5th International Conference on Malicious and Unwanted Software, (Washington, DC: IEEE), 71–80.

Nuruzzaman, M. T., Lee, C. and Choi, D. (2011). “Independent and personal sms spam filtering,” in Proceedings of the 11th International Conference on Computer and Information Technology, (Washington, DC: IEEE), 429–435.

Rosenberg, D. (2013). CarrierIQ: The Real Story. Available at:

Vural, I., and Venter, H. (2010). “Mobile botnet detection using network forensics,” in Future Internet-FIS 2010, eds A. J. Berre, A. G[x00F3]mez-P[x00E9]rez, K. Tutschku, and D. Fensel (New York: Springer), 57–67.

Yadav, K., Kumaraguru, P., Goyal, A., Gupta, A., and Naik, V. (2011). “Smsassassin: crowdsourcing driven mobile-based system for sms spam filtering,” in Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, (New York, NY: ACM), 1–6.







Most read articles by the same author(s)