SMS-Based Mobile Botnet Detection Framework Using Intelligent Agents
Keywords: SMS, mobile botnet, intrusion detection, Android malware, multi-agent system
Along with increasing security measures in Android platforms, the amount of Android malware that uses remote exploits has grown significantly. Using mobile botnets, attackers concentrate on reliable attack vectors such as SMS messages. Short Message Service (SMS) has been increasingly targeted by a number of malicious applications (“apps”) that have the ability to abuse SMS features in order to send spam, to transfer command and control (C&C) instructions, to distribute malicious applications via URLs embedded in text messages, to send text messages to premium-rate numbers, and to exploit smartphones. In this paper, we propose an SMS-based botnet detection framework that uses multi-agent technology based on observations of SMS and Android smartphone features. This framework has the ability to detect SMS botnets and identify ways to block the attacks in order to prevent damage caused by botnet attacks. We developed an adaptive hybrid model of SMS botnet detectors by using a combination of signature-based and anomaly-based algorithms. These components utilize multi-agent technology to recognize malicious SMS and prevent users from opening the messages that infect smartphones. The framework includes a defence module that employs a more proactive approach, allowing us to directly generate signatures and rules that can be used to protect Android smartphones from abuse by SMS botnets. The framework creates a user profile that is used to perform behavioural profiling analysis in order to identify malicious SMS and cut the C&C channel.