A Learning Model to Detect Android C&C Applications Using Hybrid Analysis

Smartphone devices particularly Android devices are in use by billions of people everywhere in the world.Similarly,this increasing rate attracts mobile botnet attacks which is a network of interconnected nodes operated through the command and control(C&C)method to expand malicious activities.At present,mobile botnet attacks launched the Distributed denial of services(DDoS)that causes to steal of sensitive data,remote access,and spam generation,etc.Consequently,various approaches are defined in the literature to detect mobile botnet attacks using static or dynamic analysis.In this paper,a novel hybrid model,the combination of static and dynamic methods that relies on machine learning to detect android botnet applications is proposed.Furthermore,results are evaluated using machine learning classifiers.The Random Forest(RF)classifier outperform as compared to other ML techniques i.e.,Naïve Bayes(NB),Support Vector Machine(SVM),and Simple Logistic(SL).Our proposed framework achieved 97.48%accuracy in the detection of botnet applications.Finally,some future research directions are highlighted regarding botnet attacks detection for the entire community.

MobSafe:Cloud Computing Based Forensic Analysis for Massive Mobile Applications Using Data Mining

With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win＋Intel alliance in PC, Android＋ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app＇s virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework （ASEF） and Static Android Analysis Framework （SAAF）, the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.