Android botnet detection: An integrated source code mining approach

Basil Alothman; Prapa Rattadilok

doi:10.23919/ICITST.2017.8356358

Android botnet detection: An integrated source code mining approach

Basil Alothman, Prapa Rattadilok

School of Computer Science

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

11 Citations (Scopus)

Abstract

Android is one of the most popular smartphone operating systems. This makes it one of the default targets for malicious cyber-attacks. Android's Play Store is not very restrictive which makes installing malicious apps easy. Botnets are amongst the most dangerous hacking approaches that are used nowadays on the internet. It is common for botnet developers to target smartphone users to install their malicious tools and target a larger number of devices. This is often done to gain access to sensitive data such as credit card details, or to cause damage to individual hosts or organisation resources by executing denial of service attacks. In this paper, we propose an approach to identify botnet Android mobile apps by means of source code mining. We analyse the source code via reverse engineering and data mining techniques for several examples of malicious and non-malicious apps. We use two approaches to build datasets. In the first, we perform text mining on the source code and construct several datasets and in the second we build one dataset by extracting source code metrics using an open-source tool. After building the datasets, we run several classification algorithms and assess their performance. Initial results show a high level of accuracy.

Original language	English
Title of host publication	2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	111-115
Number of pages	5
ISBN (Electronic)	9781908320933
DOIs	https://doi.org/10.23919/ICITST.2017.8356358
Publication status	Published - 8 May 2018
Event	12th International Conference for Internet Technology and Secured Transactions, ICITST 2017 - Cambridge, United Kingdom Duration: 11 Dec 2017 → 14 Dec 2017

Publication series

Name	2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017

Conference

Conference	12th International Conference for Internet Technology and Secured Transactions, ICITST 2017
Country/Territory	United Kingdom
City	Cambridge
Period	11/12/17 → 14/12/17

Keywords

Android App
Android Botnet Detection
Document Analysis
Malware Detection
Reverse Engineering
Source Code Mining
component

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture
Safety, Risk, Reliability and Quality

Access to Document

10.23919/ICITST.2017.8356358

Cite this

Alothman, B., & Rattadilok, P. (2018). Android botnet detection: An integrated source code mining approach. In 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017 (pp. 111-115). (2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/ICITST.2017.8356358

Alothman, Basil ; Rattadilok, Prapa. / Android botnet detection : An integrated source code mining approach. 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 111-115 (2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017).

@inproceedings{29b83673aa4d468bb04d607706893b5f,

title = "Android botnet detection: An integrated source code mining approach",

abstract = "Android is one of the most popular smartphone operating systems. This makes it one of the default targets for malicious cyber-attacks. Android's Play Store is not very restrictive which makes installing malicious apps easy. Botnets are amongst the most dangerous hacking approaches that are used nowadays on the internet. It is common for botnet developers to target smartphone users to install their malicious tools and target a larger number of devices. This is often done to gain access to sensitive data such as credit card details, or to cause damage to individual hosts or organisation resources by executing denial of service attacks. In this paper, we propose an approach to identify botnet Android mobile apps by means of source code mining. We analyse the source code via reverse engineering and data mining techniques for several examples of malicious and non-malicious apps. We use two approaches to build datasets. In the first, we perform text mining on the source code and construct several datasets and in the second we build one dataset by extracting source code metrics using an open-source tool. After building the datasets, we run several classification algorithms and assess their performance. Initial results show a high level of accuracy.",

keywords = "Android App, Android Botnet Detection, Document Analysis, Malware Detection, Reverse Engineering, Source Code Mining, component",

author = "Basil Alothman and Prapa Rattadilok",

note = "Publisher Copyright: {\textcopyright} 2017 Infonomics Society.; 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017 ; Conference date: 11-12-2017 Through 14-12-2017",

year = "2018",

month = may,

day = "8",

doi = "10.23919/ICITST.2017.8356358",

language = "English",

series = "2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "111--115",

booktitle = "2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017",

address = "United States",

}

Alothman, B & Rattadilok, P 2018, Android botnet detection: An integrated source code mining approach. in 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017. 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017, Institute of Electrical and Electronics Engineers Inc., pp. 111-115, 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017, Cambridge, United Kingdom, 11/12/17. https://doi.org/10.23919/ICITST.2017.8356358

Android botnet detection: An integrated source code mining approach. / Alothman, Basil; Rattadilok, Prapa.
2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017. Institute of Electrical and Electronics Engineers Inc., 2018. p. 111-115 (2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017).

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Android botnet detection

T2 - 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017

AU - Alothman, Basil

AU - Rattadilok, Prapa

PY - 2018/5/8

Y1 - 2018/5/8

N2 - Android is one of the most popular smartphone operating systems. This makes it one of the default targets for malicious cyber-attacks. Android's Play Store is not very restrictive which makes installing malicious apps easy. Botnets are amongst the most dangerous hacking approaches that are used nowadays on the internet. It is common for botnet developers to target smartphone users to install their malicious tools and target a larger number of devices. This is often done to gain access to sensitive data such as credit card details, or to cause damage to individual hosts or organisation resources by executing denial of service attacks. In this paper, we propose an approach to identify botnet Android mobile apps by means of source code mining. We analyse the source code via reverse engineering and data mining techniques for several examples of malicious and non-malicious apps. We use two approaches to build datasets. In the first, we perform text mining on the source code and construct several datasets and in the second we build one dataset by extracting source code metrics using an open-source tool. After building the datasets, we run several classification algorithms and assess their performance. Initial results show a high level of accuracy.

AB - Android is one of the most popular smartphone operating systems. This makes it one of the default targets for malicious cyber-attacks. Android's Play Store is not very restrictive which makes installing malicious apps easy. Botnets are amongst the most dangerous hacking approaches that are used nowadays on the internet. It is common for botnet developers to target smartphone users to install their malicious tools and target a larger number of devices. This is often done to gain access to sensitive data such as credit card details, or to cause damage to individual hosts or organisation resources by executing denial of service attacks. In this paper, we propose an approach to identify botnet Android mobile apps by means of source code mining. We analyse the source code via reverse engineering and data mining techniques for several examples of malicious and non-malicious apps. We use two approaches to build datasets. In the first, we perform text mining on the source code and construct several datasets and in the second we build one dataset by extracting source code metrics using an open-source tool. After building the datasets, we run several classification algorithms and assess their performance. Initial results show a high level of accuracy.

KW - Android App

KW - Android Botnet Detection

KW - Document Analysis

KW - Malware Detection

KW - Reverse Engineering

KW - Source Code Mining

KW - component

UR - http://www.scopus.com/inward/record.url?scp=85048047651&partnerID=8YFLogxK

U2 - 10.23919/ICITST.2017.8356358

DO - 10.23919/ICITST.2017.8356358

M3 - Conference contribution

AN - SCOPUS:85048047651

T3 - 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017

SP - 111

EP - 115

BT - 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 11 December 2017 through 14 December 2017

ER -

Alothman B, Rattadilok P. Android botnet detection: An integrated source code mining approach. In 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017. Institute of Electrical and Electronics Engineers Inc. 2018. p. 111-115. (2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017). doi: 10.23919/ICITST.2017.8356358

Android botnet detection: An integrated source code mining approach

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this