Robust peer to peer mobile botnet detection by using communication patterns

Abstract

© 2018 Association for Computing Machinery. Botnet on a mobile platform is one of the severe problems for the Internet security. It causes damages to both individual users and the economic system. Botnet detection is required to stop these damages. However, botmasters keep developing their botnets. Peer-to-peer (P2P) connection and encryption are used in the botnet communication to avoid the exposure and takedown. To tackle this problem, we propose the P2P mobile botnet detection by using communication patterns. A graph representation called "graphlet" is used to capture the natural communication patterns of a P2P mobile botnet. The graphlet-based detection does not violate the user privacy, and also effective with encrypted traffic. Furthermore, a machine learning technique with graphlet-based features can detect the P2P mobile botnet even it runs simultaneously with other applications such as Facebook, Line, Skype, YouTube, and Web. Moreover, we employ the Principal Components Analysis (PCA) to analyze graphlet’s features to leverage the detection performance when the botnet coexists with dense traffic such as Web traffic. Our work focuses on the real traffic of an advanced P2P mobile botnet named "NotCompatible.C". The detection performance shows high F-measure scores of 0.93, even when sampling only 10% of traffic in a 3-minute duration.