Mobile botnets are a serious issue for mobile devices such as cars, smartphones, tablets, etc. Mobile botnets are botnets that occur on smartphones and automobile devices. Such a threat can be detected by using machine learning algorithms and a system call analysis approach.
1. Presented By :
Jadhav Akshay Bandu
SEMINAR –I PRESENTATION
ON
Detection of Mobile Botnets
DEPARTMENT OF COMPUTER ENGINEERING
S.S.V.P.S.’s B.S. DEORE COLLEGE OF ENGINEERING, DHULE
2017-2018
Guided By :
Prof. Manisha S. Patil
2. Outline
Detection Of Mobile Botnets2
Introduction
Literature Survey
Mobile Botnets
Botnet Detection for mobile devices
Test Environment and Dataset
Evaluation Metrics and Results
Advantage /Disadvantage
Conclusion
Bibliography
23-Sep-17
3. Introduction
A botnet refers to a type of bot running on an IRC
network that has been created with a Trojan.
A Trojan is a destructive program that
masquerades as a benign application
A botnet is composed of three main components,
the bot, the botmaster and the Command and
Control infrastructure.
An efficient approach to detect bot malware is
needed to neutralize the threat that botnets
pose
Mobile Botnets are the type of botnet that targets
mobile devices such as smart phones
4. Literature Survey
A dynamic taint tracking system TaintDroid was
proposed by V. Tendulkar and Han S. to track
vulnerabilities in Android systems.
Smart-Droid was designed by Han X. to automatically
identify UI-specific conditions which cause malicious
activities.
Burguera et al. proposed Crowdroid to detect
mobile malware, regardless of whether they are
botnets or not
Karim et al. for instance, use a sandbox in their
experiments
5. Mobile Botnet
Mobile Botnets are the type of Botnet that
targets mobile devices such as smart phones,
tablets, Cars, etc.
Mobile botnets take advantage of unpatched
exploits to provide hackers with root
permissions
Most mobile botnets are undetected
Mobile botnets are able to spread
6. Botnet Detection For Mobile Devices
A host and anomaly based Mobile Botnet
detection
The system is divided into three parts
1. Monitoring and acquisition module
2. Pre-processing module
3. The Classifier
Fig. Host-based Mobile Botnet detection system
7. Botnet Detection For Mobile Devices
A. Monitoring and Acquisition Module
This module is responsible for collecting all the
data
This module constantly monitors and
checks the device for new user-owned
processes
This module automatically launches the ‘Strace’
system call tracer when a new process is detected
By using Strace tools we analyze a list in
chronological order of system calls the process
8. Botnet Detection For Mobile Devices
B. Pre-processing Module
This module is responsible for extracting the features
needed by the classifier
To create the feature vectors, the system
calls are grouped according to time window
Each time window is an instance for classification
C. The Classifier
The classifier is responsible for classifying activity as
normal or mobile botnet activity
The classifier is a Machine Learning
algorithm
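The pre-processing step described above, as an added example that is not part of the original presentation: it parses timestamped strace output and turns each time window into a vector of per-system-call counts. The function names, the `strace -ttt` line format, windows measured from the first call, and the inclusion of idle windows are assumptions; the sample trace is constructed.

```python
import re
from collections import Counter

# `strace -ttt` line, optionally prefixed by a PID (as with -f), e.g.
#   "1505900000.100000 openat(AT_FDCWD, ...) = 3"
LINE_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\d+)\.(\d+)\s+([a-z_][a-z0-9_]*)\(")

def parse_strace(lines):
    """Yield (timestamp_in_microseconds, syscall_name) for each call line.
    Signal lines ("--- SIG... ---") and exit lines ("+++ ... +++") are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            sec, frac, name = m.groups()
            yield int(sec) * 1_000_000 + int(frac.ljust(6, "0")[:6]), name

def window_vectors(lines, window_ms=1000, vocabulary=None):
    """Group calls into fixed windows; return (vocabulary, list of count vectors).
    Each vector is one classification instance."""
    events = list(parse_strace(lines))
    if not events:
        return list(vocabulary or []), []
    if vocabulary is None:
        vocabulary = sorted({name for _, name in events})
    start = events[0][0]              # assumption: windows start at the first call
    buckets = {}
    for ts, name in events:
        w = (ts - start) // (window_ms * 1000)   # integer math, no float drift
        buckets.setdefault(w, Counter())[name] += 1
    vectors = []
    for w in range(max(buckets) + 1):            # assumption: idle windows are kept
        counts = buckets.get(w, Counter())
        vectors.append([counts.get(name, 0) for name in vocabulary])
    return list(vocabulary), vectors

# Constructed sample trace (not taken from the dataset used in the slides).
SAMPLE = """\
1505900000.100000 openat(AT_FDCWD, "/data/app/base.apk", O_RDONLY) = 3
1505900000.250000 read(3, "PK"..., 4096) = 4096
1505900000.900000 read(3, ""..., 4096) = 0
1505900001.050000 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
1505900001.300000 connect(4, {sa_family=AF_INET, ...}, 16) = 0
1505900001.700000 --- SIGCHLD {si_signo=SIGCHLD, ...} ---
1505900003.200000 sendto(4, "..."..., 12, 0, NULL, 0) = 12
1505900003.400000 +++ exited with 0 +++
""".splitlines()

if __name__ == "__main__":
    vocab, vectors = window_vectors(SAMPLE, window_ms=1000)
    print(vocab)
    for v in vectors:
        print(v)
```

Passing a fixed `vocabulary` keeps the columns identical between training and test traces; calls outside it are ignored.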
9. Test Environment and Dataset
The botnet applications were provided by the
ISCX Android Botnet dataset
The Android Botnet dataset contains different
families of botnets.
Table 1 : Applications Per Botnet Family
10. Test Environment and Dataset
Using the monitoring and acquisition module,
we collected data from the device
Using the Strace files generated by the
monitoring and acquisition module, the pre-
processing part started
Table 2 :ML algorithm Performance Varying The Time-Window
11. Test Environment and Dataset
The classifier module tests multiple ML algorithms,
i.e. a Random Forest, an SVM with linear kernel
and an SVM with RBF kernel.
Table 3 : Dataset Of 1 Second Time-window Division Format
12. Evaluation Metrics and Results
The metrics used to measure the performance
of our classifier were:
1. .
2. .
3. .
4. .
5. .
13. Evaluation Metrics and Results
Another approach to compare the performance
of multiple ML algorithms is the ROC curve
Fig. ROC curve
14. Evaluation Metrics and Results
The box plots of the performance metrics
across 50 executions of the Random Forest
with a 500 ms time-window
Fig. Random Forest Performance
15. Conclusion
A solution was presented to detect mobile botnets
using an anomaly- and host-based approach. It
analyzes the system calls that the mobile
applications invoke during a time window and uses
a Random Forest classifier, a machine learning
technique, to increase the performance of the
classifier.
16. BIBLIOGRAPHY
[1] Enck W, Gilbert P, Han S, Tendulkar V, Chun B-G, Cox LP, et al. (2014)
TaintDroid: an information-flow tracking system for realtime privacy monitoring
on smartphones. ACM Transactions on Computer Systems (TOCS) 32: 5.
[2] I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, “Crowdroid: Behavior-Based
Malware Detection System for Android,” Proceedings of the 1st ACM workshop
on Security and privacy in smartphones and mobile devices - SPSM ’11, p. 15,
2011.
[3] S. S. C. Silva, R. M. P. Silva, R. C. G. Pinto, and R. M. Salles, “Botnets: A
survey,” Computer Networks, vol. 57, no. 2, pp. 378–403, 2013.
Trojan:-
. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
Trojan horses are broken down in classification based on how they breach systems and the damage they cause. The seven main types of Trojan horses are:
IRC - Internet Relay Chat is an application layer protocol that facilitates communication in the form of text. The chat process works on a client/server networking model.
TaintDroid uses a scientific technique called "dynamic taint analysis". This technique marks information of interest with an identifier called a "taint." That taint stays with the information when it is used. The tracking system then monitors the movement of tainted information.
1. Legitimate nodes do not know of their existence.
2. Legitimate nodes are aware of their existence.
The proposed work implements the hidden attack.