Jingyu Hua,Kouichi Sakurai

DOI: https://doi.org/10.1016/j.comnet.2012.06.007

IF: 5.493

2012-01-01

Computer Networks

Abstract:Many serious threats for PCs are spreading to the mobile environment. A mobile botnet, which is a collection of hijacked smartphones under the control of hackers, is one of them. With the quick development of the computing and communication abilities of smartphones, many command and control (C&C) techniques in PC botnets can be easily reused in mobile botnets. However, some particular functions and characteristics of smartphones may provide botmasters with additional means to control their mobile botnets. This paper presents two special C&C mechanisms that leverage Short Message Service and human mobility, respectively. The first one designs a SMS-based flooding algorithm to propagate commands. We theoretically prove that the uniform random graph is the optimal topology for this botnet, and demonstrate its high efficiency and stealth with various simulations. The second one utilizes Bluetooth to transmit botnet commands when hijacked smartphones encounter each other while in motion. We study its performance in a 100mx100m square area with NS-2 simulations, and show that human-mobility characteristics facilitate the command propagation. Even if the infection rate is low, the command can still be effectively propagated provided that the mobility of devices is high. In the end, we propose effective defense strategies against these two special C&C mechanisms.

Jingyu Hua,Kouichi Sakurai

DOI: https://doi.org/10.1007/978-3-642-21040-2_19

2011-01-01

Abstract:As a lot of sophisticated duties are being migrated to mobile phones, they are gradually becoming hot targets of hackers. Actually, during the past few years, It has appeared many malware targeting mobile phones and the situation is getting worse. Under this circumstance, we may ask a serious question: whether can those infected phones be organized to a botnet? In this paper, we present a design of such a botnet using Short Message Service (SMS) as its Command and Control (C&C) medium. We cover all the aspects of the botnet design including the stealthiness protection, the topology selecting and the botnet maintaining. Our simulations show that in our proposed SMS-based botnet a newly issued C&C message can be covertly propagated to over 90% of the total 20000 bots within 20 minutes based on a simple flooding algorithm. Moreover, in this process each bot sends no more than four SMS messages and the botnet is robust to both random and selective node failures. Thereby, we demonstrate that the proposed mobile botnet is indeed a serious threat on the security of the mobile computing environment. For this reason, we further explore several effective defense strategies against such a botnet. In doing so, we hope to be one step ahead of the hackers to discover and prevent this upcoming threat.

Chiachih Wu,Yajin Zhou,Kunal Patel,Zhenkai Liang,Xuxian Jiang

DOI: https://doi.org/10.14722/ndss.2014.23164

2014-01-01

Abstract:Recent years have experienced explosive growth of smartphone sales. Inevitably, the rise in the popularity of smartphones also makes them an attractive target for attacks. In light of these threats, current mobile platform providers have developed various server-side vetting processes to block malicious applications (“apps”). While helpful, they are still far from ideal in achieving their goals. To make matters worse, the presence of alternative (less-regulated) mobile marketplaces also opens up new attack vectors, which necessitate client-side solutions (e.g., mobile anti-virus software) to run on mobile devices. However, existing client-side solutions still exhibit limitations in their capability or deployability. In this paper, we present AirBag, a lightweight OS-level virtualization approach to enhance the popular Android platform and boost our defense capability against mobile malware infection. Assuming a trusted smartphone OS kernel and the fact that untrusted apps will be eventually installed onto users’ phones, AirBag is designed to isolate and prevent them from infecting our normal systems (e.g., corrupting the phone firmware) or stealthily leaking private information. More specifically, by dynamically creating an isolated runtime environment with its own dedicated namespace and virtualized system resources, AirBag not only allows for transparent execution of untrusted apps, but also effectively mediates their access to various system resources or phone functionalities (e.g., SMSs or phone calls). We have implemented a proof-of-concept prototype on three representative mobile devices, i.e., Google Nexus One, Nexus 7, and Samsung Galaxy S III. The evaluation results with a number of untrusted apps, including real-world mobile malware, demonstrate its practicality and effectiveness.

Shuai Wang,Xiang Cui,Peng Liao,Dan Li

DOI: https://doi.org/10.1007/978-3-642-35795-4_52

2013-01-01

Abstract:The rapid development of 3G/WiFi network and Smartphone has greatly stimulated the evolution of mobile botnets. Mobile botnets have attracted extensive attentions from the academic community. In this paper, we introduce our design of an advanced mobile botnet called SUbot which exploits a novel command and control (C&C) strategy named Shorten-URL Flux (short for S-URL Flux). The proposed SUbot would have desirable features including being stealthy, resilient and low-cost (i.e., low battery power consumption, low traffic consumption and low money cost).This paper focuses on the design principle of the mobile botnet. In comparison to traditional mobile botnet, SUbot has stronger adaptability and stability. It's of great significance to research and defend against such kind of advance mobile botnet. © Springer-Verlag Berlin Heidelberg 2013.

Jinku Li,Yangtian Ye,Yajin Zhou,Jianfeng Ma

DOI: https://doi.org/10.1109/access.2018.2804321

IF: 3.9

2018-01-01

IEEE Access

Abstract:Short message service (SMS) authorization codes play an important role in the application ecosystem, as a number of transactions (e.g., personal identification and online banking) require users to provide a code for authorization purposes. However, authorization codes in SMS messages can be stolen and forwarded by attackers, which introduces serious security concerns. In this paper, we propose CodeTracker, a lightweight approach to track and protect SMS authorization codes. Specifically, we leverage the taint tracking technique to mark the authorization code with taint tags at the origin of the incoming SMS messages (taint sources), and then, we propagate the tags in the system. To this end, we modify the related array structure, array operations, string operations, inter-process communication mechanism, and file operations for secondary storage of SMS authorization codes to ensure that the taint tags cannot be removed. When the authorization code is sent out via either SMS messages or network connections (taint sinks), we extract the taint tag of the data and enforce pre-defined security policies to prevent the code from being leaked. We have developed a prototype of CodeTracker on Android's ART virtual machine and used 1, 218 SMS-stealing Android malware samples to evaluate the system. The evaluation results show that CodeTracker can effectively track and protect SMS authorization codes with a small performance overhead (<;2% on average).

Wei Dong

DOI: https://doi.org/10.4028/www.scientific.net/amm.543-547.2884

2014-01-01

Applied Mechanics and Materials

Abstract:The last few years has seen a massive growth of applications for smart phone operating systems such as Android, IOS. Short message services (SMS) is one of them. Although SMS as an application has existed for a long time, the method for managing short messages is rather outdated and very inconvenient. The is partially because most of the SMS applications are inherited from old fashioned mobile platforms, in which users of mobile phone usually concentrate on basic phone service and demand less for SMS. With the introduction of smart phone operating system, the old-fashioned method of short messages management is not suitable. To cope with this problem, in this paper we first conduct research on modern ways of short messages management, and then a short message services management system for mobile devices is designed. In this new system, more advanced options, such as messages query by date, by sender and sending a message to many receivers at the same time, for short messages is provided. Moreover, to validate our research and design, we implement the system based on Android platform. And we conduct some experiments with this system and test results shows that our system works quite well. With the mobile Internet becoming increasingly important to life, our research is expected to improve work efficiency greatly.

Bruno Sousa,Duarte Dias,Nuno Antunes,Javier Cámara,Ryan Wagner,Bradley Schmerl,David Garlan,Pedro Fidalgo

DOI: https://doi.org/10.1016/j.cose.2024.103768

IF: 5.105

2024-02-24

Computers & Security

Abstract:Mobile malware is a malicious code specifically designed to target mobile devices to perform multiple types of fraud. The number of attacks reported each day is increasing constantly and is causing an impact not only at the end-user level but also at the network operator level. Malware like FluBot contributes to identity theft and data loss but also enables remote Command & Control (C2) operations, which can instrument infected devices to conduct Distributed Denial of Service (DDoS) attacks. Current mobile device-installed solutions are not effective, as the end user can ignore security warnings or install malicious software. This article designs and evaluates MONDEO-Tactics5G - a multistage botnet detection mechanism that does not require software installation on end-user devices, together with tactics for 5G network operators to manage infected devices. We conducted an evaluation that demonstrates high accuracy in detecting FluBot malware, and in the different adaptation strategies to reduce the risk of DDoS while minimising the impact on the clients' satisfaction by avoiding disrupting established sessions.

computer science, information systems

Suleiman Y. Yerima,Mohammed K. Alzaylaee

DOI: https://doi.org/10.48550/arXiv.2007.00263

2020-07-01

Cryptography and Security

Abstract:Android, being the most widespread mobile operating systems is increasingly becoming a target for malware. Malicious apps designed to turn mobile devices into bots that may form part of a larger botnet have become quite common, thus posing a serious threat. This calls for more effective methods to detect botnets on the Android platform. Hence, in this paper, we present a deep learning approach for Android botnet detection based on Convolutional Neural Networks (CNN). Our proposed botnet detection system is implemented as a CNN-based model that is trained on 342 static app features to distinguish between botnet apps and normal apps. The trained botnet detection model was evaluated on a set of 6,802 real applications containing 1,929 botnets from the publicly available ISCX botnet dataset. The results show that our CNN-based approach had the highest overall prediction accuracy compared to other popular machine learning classifiers. Furthermore, the performance results observed from our model were better than those reported in previous studies on machine learning based Android botnet detection.

Mehdi Asadi,Mohammad Ali Jabraeil Jamali,Arash Heidari,Nima Jafari Navimipour

DOI: https://doi.org/10.1002/ett.5056

IF: 3.6

2024-10-22

Transactions on Emerging Telecommunications Technologies

Abstract:ABSTRACT Botnets have emerged as a significant internet security threat, comprising networks of compromised computers under the control of command and control (C&C) servers. These malevolent entities enable a range of malicious activities, from denial of service (DoS) attacks to spam distribution and phishing. Each bot operates as a malicious binary code on vulnerable hosts, granting remote control to attackers who can harness the combined processing power of these compromised hosts for synchronized, highly destructive attacks while maintaining anonymity. This survey explores botnets and their evolution, covering aspects such as their life cycles, C&C models, botnet communication protocols, detection methods, the unique environments botnets operate in, and strategies to evade detection tools. It analyzes research challenges and future directions related to botnets, with a particular focus on evasion and detection techniques, including methods like encryption and the use of covert channels for detection and the reinforcement of botnets. By reviewing existing research, the survey provides a comprehensive overview of botnets, from their origins to their evolving tactics, and evaluates how botnets evade detection and how to counteract their activities. Its primary goal is to inform the research community about the changing landscape of botnets and the challenges in combating these threats, offering guidance on addressing security concerns effectively through the highlighting of evasion and detection methods. The survey concludes by presenting future research directions, including using encryption and covert channels for detection and strategies to strengthen botnets. This aims to guide researchers in developing more robust security measures to combat botnets effectively.

telecommunications

Guan-Hua Tu,Yuanjie Li,Chunyi Peng,Chi-Yu Li,Muhammad Taqi Raza,Hsiao-Yun Tseng,Songwu Lu

DOI: https://doi.org/10.48550/arXiv.1510.08531

2015-10-29

Cryptography and Security

Abstract:Mobile Internet is becoming the norm. With more personalized mobile devices in hand, many services choose to offer alternative, usually more convenient, approaches to authenticating and delivering the content between mobile users and service providers. One main option is to use SMS (i.e., short messaging service). Such carrier-grade text service has been widely used to assist versatile mobile services, including social networking, banking, to name a few. Though the text service can be spoofed via certain Internet text service providers which cooperated with carriers, such attacks haven well studied and defended by industry due to the efforts of research community. However, as cellular network technology advances to the latest IP-based 4G LTE, we find that these mobile services are somehow exposed to new threats raised by this change, particularly on 4G LTE Text service (via brand-new distributed Mobile-Initiated Spoofed SMS attack which is not available in legacy 2G/3G systems). The reason is that messaging service over LTE shifts from the circuit-switched (CS) design to the packet-switched (PS) paradigm as 4G LTE supports PS only. Due to this change, 4G LTE Text Service becomes open to access. However, its shields to messaging integrity and user authentication are not in place. As a consequence, such weaknesses can be exploited to launch attacks (e.g., hijack Facebook accounts) against a targeted individual, a large scale of mobile users and even service providers, from mobile devices. Current defenses for Internet-Initiated Spoofed SMS attacks cannot defend the unprecedented attack. Our study shows that 53 of 64 mobile services over 27 industries are vulnerable to at least one threat. We validate these proof-of-concept attacks in one major US carrier which supports more than 100 million users. We finally propose quick fixes and discuss security insights and lessons we have learnt.

Ju Ren,Yaoxue Zhang,Kuan Zhang,Xuemin Shen

DOI: https://doi.org/10.1109/MCOM.2015.7060488

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:With the proliferation of increasingly powerful mobile devices, mobile users can collaboratively form a mobile cloud to provide pervasive services, such as data collecting, processing, and computing. With this mobile cloud, mobile crowdsourcing, as an emerging service paradigm, can enable mobile users to take over the outsourced tasks. By leveraging the sensing capabilities of mobile devices and integrating human intelligence and machine-computation, mobile crowdsourcing has the potential to revolutionize the approach of data collecting and processing. In this article we investigate the mobile crowdsourcing architecture and applications, then discuss some research challenges and countermeasures for developing mobile crowdsourcing. Some research orientations are finally envisioned for further studies.

Jinquan Zeng,Weiwen Tang,Caiming Liu,Jianbin Hu,Lingxi Peng

DOI: https://doi.org/10.1007/978-3-642-34038-3_79

2012-01-01

Abstract:Botnet is an attack network composed of hundreds of millions of compromised computers. Botnet is emerging as the most serious threat against cyber-security and is used to launch Distributed Denial of Service (DDoS) attacks, malware dissemination, phishing, remote control, click fraud, and etc. Although botnet has posed serious security threat on Internet, the research of detecting and preventing botnet is still in its infancy. One effective technique for botnet detection is to identify botnet C&C traffic. In this paper, we present a case study of the IRC-based botnet C&C communication and then present a novel method to detect botnet C&C communications. We develop quantitative ways to assess the C&C communications between the bot and the C&C server; furthermore, we also illustrate the correlation methods within the same botnet's C&C communications to decrease the false positive rate.

Yangyi Chen,Tongxin Li,Xiaofeng Wang,Kai Chen,Xinhui Han

DOI: https://doi.org/10.1145/2810103.2813652

2015-01-01

Abstract:In this paper, we report the first large-scale, systematic study on the security qualities of emerging push-messaging services, focusing on their app-side service integrations. We identified a set of security properties different push-messaging services (e.g., Google Cloud Messaging) need to have, and automatically verified them in different integrations using a new technique, called Seminal. Seminal is designed to extract semantic information from a service's sample code, and leverage the information to evaluate the security qualities of the service's SDKs and its integrations within different apps. Using this tool, we studied 30 leading services around the world, and scanned 35,173 apps. Our findings are astonishing: over 20% apps in Google Play and 50% apps in mainstream Chinese app markets are riddled with security-critical loopholes, putting a huge amount of sensitive user data at risk. Also, our research brought to light new types of security flaws never known before, which can be exploited to cause serious confusions among popular apps and services (e.g., Facebook, Skype, Yelp, Baidu Push). Taking advantage of such confusions, the adversary can post his content to the victim's apps in the name of trusted parties and intercept her private messages. The study highlights the serious challenges in securing push-messaging services and an urgent need for improving their security qualities.

Yuan Xu,Gelei Deng,Tianwei Zhang,Han Qiu,Yungang Bao

DOI: https://doi.org/10.1016/j.ins.2021.06.063

IF: 8.1

2021-10-01

Information Sciences

Abstract:<p>The development of robotics technology is accelerated by the strong support from cloud computing. Massive computation resources and services from the cloud make modern multi-robot systems more effcient and powerful. However, the integration of cloud services and multi-robot systems can also incur potential Denial-of-Service (DoS) threats, where an adversary can utilize the shared cloud resources to degrade or bring down the robot systems. In this paper, we conduct a comprehensive study about this security issue. By analyzing different attack vectors in cloud-robotic platforms, we propose three new DoS attacks, which compromise the cloud-based multi-robot systems by manipulating the network resources, micro-architecture resources, and function parameters respectively. We conduct extensive evaluations and case studies to demonstrate the feasibility and severity of our techniques. We alert the robotics community to these catastrophic attacks on the safety and performance of cloud-robotic systems, and encourage robotic researchers and developers to build better defenses for higher reliability, in addition to automation and intelligence.</p>

computer science, information systems

nengqiang he,sheng gao,xinran liu,minghua wang

DOI: https://doi.org/10.1049/cp.2013.2452

2013-01-01

Abstract:In this paper, we propose the CNCERT1 cloud based mobile sinkhole system (CCMSS) to monitor mobile (or smartphone) victims infected by mobile malwares. Different from sinkholes for computer malwares, CCMSS is designed to redirect victim's flow at malware's DNS server by considering that most mobile malware victims access Internet through cellular networks in China. CCMSS is deployed in CNCERT cloud to balance victim's flow from different locations. The monitoring result of CCMSS shows that millions of mobile users are infected by mobile malwares in China, and the spreading of mobile malware is related with region.

Zeyu Lei,Yuhong Nan,Yanick Fratantonio,Antonio Bianchi

DOI: https://doi.org/10.14722/ndss.2021.24212

2021-01-01

Abstract:SMS messages containing One-Time Passwords (OTPs) are a widely used mechanism for performing authentication in mobile applications. In fact, many popular apps use OTPs received via SMS as the only authentication factor, entirely replacing password-based authentication schemes. Although SMS OTP authentication mechanisms provide significant convenience to end-users, they also have significant security implications. In this paper, we study these mobile apps' authentication schemes based on SMS OTPs, and, in particular, we perform a systematic study on the threats posed by "local attacks," a scenario in which an attacker has control over an unprivileged third-party app on the victim's device. This study was carried out using a combination of reverse engineering, formal verification, user studies, and large-scale automated analysis. Our work not only revealed vulnerabilities in third-party apps, but it also uncovered several new design and implementation flaws in core APIs implemented by the mobile operating systems themselves. For instance, we found two official Android APIs to be vulnerable by design, i.e., APIs that inevitably lead to the implementation of insecure authentication schemes, even when used according to their documentation. Moreover, we found that other APIs are prone to be used unsafely by apps' developers. Our large-scale study found 36 apps, sharing hundreds of millions of installations, that misuse these APIs, allowing a malicious local attacker to completely hijack their accounts. Such vulnerable apps include Telegram and KakaoTalk, some of the most popular messaging apps worldwide. Finally, we proposed a new and safer mechanism to perform SMS-based authentication, and we prove its safety using formal verification.

Long Chen,Chunhe Xia,Shengwei Lei,Tianbo Wang

DOI: https://doi.org/10.1109/access.2021.3049819

IF: 3.9

2021-01-01

IEEE Access

Abstract:In recent years, the application of smartphones, Android operating systems and mobile applications have become more prevalent worldwide. To study the traceability, propagation, and detection of the threats, we perform research on all aspects of the end-to-end environment. With machine learning based on the mobile malware detection algorithms that integrate the dynamic and static research of the identification algorithm, application software samples are collected to study sentences. Through knowledge labeling and knowledge construction, the association relationship of knowledge is extracted to realize the research of knowledge map construction. Flooding is closely correlated with the complexity of the Android mobile version of the kernel and malicious programs. A static dynamic analysis of the mobile malicious program is carried out, and the social network social diagram is constructed to model the propagation of the mobile malicious program. We extended the approach of deriving common malware behavior through graph clustering. On this basis, Android behavior analysis is performed through our virtual machine execution engine. We extend the family characteristics to the concept of DNA race genes. By studying SMS/MMS, Bluetooth, 5G base station networks, metropolitan area networks, social networks, homogeneous communities, telecommunication networks, and application market ecosystem propagation scenarios, we discovered the law of propagation. In addition, we studied the construction of the mobile Internet big data knowledge graph. Quantitative data for the main family chronology of mobile malware are obtained. We conducted detailed research and comprehensive analysis of Android application package (APK) details and behavior, relationship, resource-centric, and syntactic aspects. Furthermore, we summarized the architecture of mobile malware security analysis. We also discuss encryption of malware traffic discrimination. These precise modeling and quantified research re-ults constitute the architecture of mobile malware analysis.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sina Hojjatinia,Sajad Hamzenejadi,Hadis Mohseni

DOI: https://doi.org/10.48550/arXiv.1911.12457

2019-11-28

Abstract:Today, Android devices are able to provide various services. They support applications for different purposes such as entertainment, business, health, education, and banking services. Because of the functionality and popularity of Android devices as well as the open-source policy of Android OS, they have become a suitable target for attackers. Android Botnet is one of the most dangerous malwares because an attacker called Botmaster can control that remotely to perform destructive attacks. A number of researchers have used different well-known Machine Learning (ML) methods to recognize Android Botnets from benign applications. However, these conventional methods are not able to detect new sophisticated Android Botnets. In this paper, we propose a novel method based on Android permissions and Convolutional Neural Networks (CNNs) to classify Botnets and benign Android applications. Being the first developed method that uses CNNs for this aim, we also proposed a novel method to represent each application as an image which is constructed based on the co-occurrence of used permissions in that application. The proposed CNN is a binary classifier that is trained using these images. Evaluating the proposed method on 5450 Android applications consist of Botnet and benign samples, the obtained results show the accuracy of 97.2% and recall of 96% which is a promising result just using Android permissions.

Neural and Evolutionary Computing,Cryptography and Security,Machine Learning

Donghong Sun,Xuefeng Li,Wu Liu,Jianping Wu

DOI: https://doi.org/10.1109/ctc.2010.16

2010-01-01

Abstract:A widespread botnet is often used to carry cyber attacks, which results in serious threats to networks and properties. The application of combining botnets and P2P technology is powerful but complicated. This paper shows the differences of control mechanisms, running functions and working performance between central-controlled botnets and P2P-conctrolled botnets by analysis of several famous botnets. Futher more, This paper also reseaches on Command-and- Control (C&C) mechanism which works as the core component of botnets' architecture, giving out the definition and evaluation parameters of this mechanism, finally proposing a new architecture. It is useful to finding vulnerabilities of P2P botnets and guiding defenders to design effective detection and defending methods.

Ashfak Md Shibli,Mir Mehedi A. Pritom,Maanak Gupta

2024-02-15

Abstract:SMS phishing, also known as "smishing", is a growing threat that tricks users into disclosing private information or clicking into URLs with malicious content through fraudulent mobile text messages. In recent past, we have also observed a rapid advancement of conversational generative AI chatbot services (e.g., OpenAI's ChatGPT, Google's BARD), which are powered by pre-trained large language models (LLMs). These AI chatbots certainly have a lot of utilities but it is not systematically understood how they can play a role in creating threats and attacks. In this paper, we propose AbuseGPT method to show how the existing generative AI-based chatbot services can be exploited by attackers in real world to create smishing texts and eventually lead to craftier smishing campaigns. To the best of our knowledge, there is no pre-existing work that evidently shows the impacts of these generative text-based models on creating SMS phishing. Thus, we believe this study is the first of its kind to shed light on this emerging cybersecurity threat. We have found strong empirical evidences to show that attackers can exploit ethical standards in the existing generative AI-based chatbot services by crafting prompt injection attacks to create newer smishing campaigns. We also discuss some future research directions and guidelines to protect the abuse of generative AI-based services and safeguard users from smishing attacks.

Cryptography and Security,Artificial Intelligence