Mobile botnets are the serious issue about the mobile devices such as car, smartphones, tablets,etc. Mobile botnets are the botnets which are occurred on smartphones and automobile devices. Such threat can be detected by using machine learning algorithms and system call analysis approach.

1. Presented By :
Jadhav Akshay Bandu
SEMINAR –I PRESENTATION
ON
Detection of Mobile Botnets
DEPARTMENT OF COMPUTER ENGINEERING
S.S.V.P.S.’s B.S. DEORE COLLEGE OF ENGINEERING, DHULE
2017-2018
Guided By :
Prof. Manisha S. Patil

2. Outline
Detection Of Mobile Botnets2
 Introduction
 Literature Survey
 Mobile Botnets
 Botnet Detection for mobile devices
 Test Environment and Dataset
 Evaluation Metrics and Results
 Advantage /Disadvantage
 Conclusion
 Bibliography
23-Sep-17

3. Introduction
23-Sep-17Detection Of Mobile Botnets3
 A botnet refers to a type of bot running on an IRC
network that has been created with a Trojan.
 Trojan is a destructive program that
masquerades as a benign application
 A botnet is composed of three main components,
the bot, the botmaster and the Command and
Control infrastructure.
 An efficient approach to detect bot malware is
needed to neutralize the threat that botnets
impose
 Mobile Botnets are the type of botnet that targets
mobile devices such as smart phones

4. Literature Survey
23-Sep-17Detection Of Mobile Botnets4
 A dynamic taint tracking system TaintDroid was
proposed by V. Tendulkar and Han S. to track
vulnerabilities in Android systems.
 Smart-Droid was designed to automatically identify
UI specific conditions which cause malicious
activities by Han X.
 Burguera et al. proposed Crow-droid to detect
mobile malware, regardless of whether they are
botnets or not
 Karim et al. for instance, use a sandbox in their
experiments

5. Mobile Botnet
Detection Of Mobile Botnets5
 Mobile Botnets are the type of Botnet that
targets mobile devices such as smart phones,
tablets, Cars, etc.
 Mobile botnets take advantage of unpatched
exploits to provide hackers with root
permissions
 Most mobile botnets are undetected
 Mobile botnets are able to spread 23-Sep-17

6. Botnet Detection For Mobile Devices
Detection Of Mobile Botnets6
 A host and anomaly based Mobile Botnet
detection
 The system is divided into three parts
1. Monitoring and acquisition module
2. Pre-processing module
3. The Classifier
23-Sep-17
Fig. Host-based Mobile Botnet detection system

7. Botnet Detection For Mobile Devices
Detection Of Mobile Botnets7
A. Monitoring and Acquisition Module
 This model is responsible for collecting all the
data
 This module constantly monitoring and
checking the device for new user-owned
processes
 This module automatically launches ‘Strace
system’ call when new process is detected
 By using Strace tools we analyze a list in
chronological order of system calls the process
23-Sep-17

8. Botnet Detection For Mobile Devices
Detection Of Mobile Botnets8
B. Pre-processing Module
 This model is responsible for extracting features
needed for the classifier
 For the creation of Feature vectors the system
calls grouped according to time-window
 Each time window is an instance for classification
C. The Classifier
 The classifier is responsible to classify normal or
mobile botnet activity
 The classifier is nothing but the Machine Learning
Algorithm
23-Sep-17

9. Test Environment and Dataset
Detection Of Mobile Botnets9
 The botnet applications were provided by the
ICSX Android Botnet dataset
 Android Botnet datasets containing different
families of botnets.
23-Sep-17
Table 1 : Applications Per Botnet Family

10. Test Environment and Dataset
Detection Of Mobile Botnets10
 Using the monitoring and acquisition module,
we collected data from the device
 Using the Strace files generated by the
monitoring and acquisition module, the pre-
processing part started
23-Sep-17
Table 2 :ML algorithm Performance Varying The Time-Window

11. Test Environment and Dataset
Detection Of Mobile Botnets11
 Classifier module test multiple ML algorithms
i.e. a Random Forest, a SVM with linear kernel
and a SVM with RBF kernel.
23-Sep-17
Table 3 : Dataset Of 1 Second Time-window Division Format

12. Evaluation Metrics and Results
Detection Of Mobile Botnets12
 The metrics used to measure the performance
of our classifier were:
1. .
2. .
3. .
4. .
5. .
23-Sep-17

13. Evaluation Metrics and Results
Detection Of Mobile Botnets13
 Another approach to compare the performance
of multiple ML algorithms is the ROC curve
23-Sep-17
Fig. ROC curve

14. Evaluation Metrics and Results
Detection Of Mobile Botnets14
 The box plots of the performance metrics
across 50 executions of the Random Forest
with a 500 ms time-window
23-Sep-17
Fig. Random Forest Performance

15. Conclusion
23-Sep-17Detection Of Mobile Botnets15
Since there were presented a solution to
detect mobile botnets using an anomaly and host-
based approach. By analyzing the system calls
that the mobile applications invoked during a time-
window and a Random Forest Classifier machine
learning techniques to increase the performance
of the classifier.

16. BIBLIOGRAPHY
23-Sep-17Detection Of Mobile Botnets16
[1] Enck W, Gilbert P, Han S, Tendulkar V, Chun B- G, Cox LP, et al. (2014)
TaintDroid: an information-flow tracking system for realtime privacy monitoring
on smartphones. ACM Transactions on Computer Systems (TOCS) 32: 5.
[2] I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, “Crowdroid: Behavior- Based
Malware Detection System for Android,” Proceedings of the 1st ACM workshop
on Security and privacy in smart phones and mobile devises - SPSM ’11, p. 15,
2011.
[3] S. S. C. Silva, R. M. P. Silva, R. C. G. Pinto, and R. M. Salles, “Botnets: A
survey,” Computer Networks, vol. 57, no. 2, pp. 378–403, 2013.

17. 23-Sep-17Detection Of Mobile Botnets17