Cooperative network behaviour analysis model for mobile Botnet detection

• Published in: ISCAIE 2016 - 2016 IEEE Symposium on Computer Applications and Industrial Electronics
• Main Author: Eslahi M.; Yousefi M.; Naseri M.V.; Yussof Y.M.; Tahir N.M.; Hashim H.
• Format: Conference paper
• Language: English
• Published: Institute of Electrical and Electronics Engineers Inc. 2016
• Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-84992034514&doi=10.1109%2fISCAIE.2016.7575046&partnerID=40&md5=f2e5a02bdef0827f24f13571e01e6409

Recently, the mobile devices are well integrated with Internet and widely used by normal users and organizations which employ Bring Your Own Device technology. On the other hand, the mobile devices are less protected in comparison to computers. Therefore, the mobile devices and networks have now become attractive targets for attackers. Amongst several types of mobile threats, the mobile HTTP Botnets can be considered as one of the most sophisticated attacks. A HTTP Bots stealthily infect mobile devices and periodically communicate with their controller called Botmaster. Although the Bots hide their activities amongst the normal web flows, their periodic pattern has been used as a measure to detect their activities. In this paper we propose a cooperative network behaviour analysis model to identify the level of periodicity posed by mobile Bots. Finally three metrics is proposed to detect Mobile HTTP Botnets based on similarity and correlation of their group activities. Test results show that the propose model can efficiently classify communication patterns into several periodicity categories and detect mobile Botnets. © 2016 IEEE.