SMS Botnet Detection for Android Devices through Intent Capture and Modeling

2015 IEEE 34th Symposium on Reliable Distributed Systems Workshop (SRDSW) Pub Date : 2015-09-28 DOI:10.1109/SRDSW.2015.21

Erik Johnson, I. Traoré

{"title":"SMS Botnet Detection for Android Devices through Intent Capture and Modeling","authors":"Erik Johnson, I. Traoré","doi":"10.1109/SRDSW.2015.21","DOIUrl":null,"url":null,"abstract":"Mobile devices are subject to an increased attack surface vector as compared to desktop computing, due to the nature of sensors, radios, and increased peripherals. We investigate in this work mobile botnets with a specific focus on Android, which is the most widely adopted mobile platform, and a prime target for malicious software, 79% of reported malware threats to mobile operating systems are targeted at Android. Our analysis focuses on a short messaging service (SMS) botnet structure and investigates a new detection model using the concept of intents. We show that transparent control can be achieved by a remote endpoint, yet also detected by our proposed intent detection model. Intents are late run-time bindings mechanisms provided to applications in the Android operating system. Intents provide a clear and accurate picture of device behaviour with external sources, due to their design as a late run time binding mechanism in the Android Operating System. We propose an intent logging system to capture sample data, and use this as the basis to design and evaluate our proposed detection scheme.","PeriodicalId":415692,"journal":{"name":"2015 IEEE 34th Symposium on Reliable Distributed Systems Workshop (SRDSW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 34th Symposium on Reliable Distributed Systems Workshop (SRDSW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRDSW.2015.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

Abstract

Mobile devices are subject to an increased attack surface vector as compared to desktop computing, due to the nature of sensors, radios, and increased peripherals. We investigate in this work mobile botnets with a specific focus on Android, which is the most widely adopted mobile platform, and a prime target for malicious software, 79% of reported malware threats to mobile operating systems are targeted at Android. Our analysis focuses on a short messaging service (SMS) botnet structure and investigates a new detection model using the concept of intents. We show that transparent control can be achieved by a remote endpoint, yet also detected by our proposed intent detection model. Intents are late run-time bindings mechanisms provided to applications in the Android operating system. Intents provide a clear and accurate picture of device behaviour with external sources, due to their design as a late run time binding mechanism in the Android Operating System. We propose an intent logging system to capture sample data, and use this as the basis to design and evaluate our proposed detection scheme.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于意图捕获和建模的Android设备短信僵尸网络检测

与桌面计算相比，由于传感器、无线电和外设的特性，移动设备受到的攻击面向量增加。在这项工作中，我们调查了移动僵尸网络，特别关注Android，这是最广泛采用的移动平台，也是恶意软件的主要目标，79%的移动操作系统恶意软件威胁是针对Android的。我们的分析侧重于短消息服务(SMS)僵尸网络结构，并研究了一种使用意图概念的新检测模型。我们表明，透明控制可以通过远程端点实现，但也可以通过我们提出的意图检测模型进行检测。intent是Android操作系统中提供给应用程序的后期运行时绑定机制。由于intent被设计为Android操作系统的一种后期运行时绑定机制，所以它能够通过外部资源清晰而准确地描述设备行为。我们提出了一个意图测井系统来捕获样本数据，并以此为基础来设计和评估我们提出的检测方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2015 IEEE 34th Symposium on Reliable Distributed Systems Workshop (SRDSW)

自引率

0.00%

发文量