Detecting mobile botnets through machine learning and system calls analysis
Title | Detecting mobile botnets through machine learning and system calls analysis |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Costa, V. G. T. da, Barbon, S., Miani, R. S., Rodrigues, J. J. P. C., Zarpelão, B. B. |
Conference Name | 2017 IEEE International Conference on Communications (ICC) |
ISBN Number | 978-1-4673-8999-0 |
Keywords | anomalous behavior identification, anomaly-based approach, botnets, close-to-reality scenario, compositionality, computer network security, desktop domain, feature extraction, host-based approach, Internet, Internet security, invasive software, learning (artificial intelligence), legitimate application, machine learning, machine learning algorithms, Malware, Metrics, mobile botnet detection, Mobile communication, mobile computing, mobile environment, Mobile handsets, Monitoring, pattern detection, pubcrawl, Resiliency, self-generated dataset, statistical analysis, statistical feature extraction, system call analysis, threat minimization |
Abstract | Botnets have been a serious threat to the Internet security. With the constant sophistication and the resilience of them, a new trend has emerged, shifting botnets from the traditional desktop to the mobile environment. As in the desktop domain, detecting mobile botnets is essential to minimize the threat that they impose. Along the diverse set of strategies applied to detect these botnets, the ones that show the best and most generalized results involve discovering patterns in their anomalous behavior. In the mobile botnet field, one way to detect these patterns is by analyzing the operation parameters of this kind of applications. In this paper, we present an anomaly-based and host-based approach to detect mobile botnets. The proposed approach uses machine learning algorithms to identify anomalous behaviors in statistical features extracted from system calls. Using a self-generated dataset containing 13 families of mobile botnets and legitimate applications, we were able to test the performance of our approach in a close-to-reality scenario. The proposed approach achieved great results, including low false positive rates and high true detection rates. |
URL | https://ieeexplore.ieee.org/document/7997390 |
DOI | 10.1109/ICC.2017.7997390 |
Citation Key | costa_detecting_2017 |