Building a Hybrid Experimental Platform for Mobile Botnet Research

  • Apostolos Malatras European Commission Joint Research Centre (JRC) Institute for the Protection and Security of the Citizen
  • Laurent Beslay European Commission Joint Research Centre (JRC) Institute for the Protection and Security of the Citizen


Mobile botnets are an emerging security threat that aims at exploiting the wide penetration of mobile devices and systems and their vulnerabilities, in the same spirit as traditional botnets. Mobile botmasters take advantage of infected mobile devices and issue command and control operations on them to extract personal information, cause denial of service or gain financially. To date, research on countering such attacks or studying their effects has been conducted in a sporadic manner that hinders the repetition of experiments and thus limits their validity. We present here our work on a hybrid experimental platform for mobile botnets that supports the execution and monitoring of related scenarios concerning their infection, attack vectors, propagation, etc. The platform is based on the principles of flexibility and extensibility, and facilitates the setup of scalable experiments utilising both real and emulated mobile systems. We also discuss a novel method of estimating the active bot population in a botnet and illustrate its deployment on the experimental platform.


How to Cite
MALATRAS, Apostolos; BESLAY, Laurent. Building a Hybrid Experimental Platform for Mobile Botnet Research. The Journal on Cybercrime & Digital Investigations, [S.l.], v. 1, n. 1, p. 29-39, mar. 2016. ISSN 2494-2715. Available at: <>. Date accessed: 25 june 2017. doi:
Conference proceedings