Android Botnet Detection using Convolutional Neural Networks
This addresses the need for improved detection of sophisticated Android botnets, which pose a security threat to users, though it is incremental as it builds on existing ML methods with a new approach.
The paper tackles the problem of detecting Android botnets by proposing a novel method that uses Android permissions and Convolutional Neural Networks (CNNs) to classify botnets and benign applications, achieving an accuracy of 97.2% and recall of 96% on a dataset of 5450 applications.
Today, Android devices are able to provide various services. They support applications for different purposes such as entertainment, business, health, education, and banking services. Because of the functionality and popularity of Android devices as well as the open-source policy of Android OS, they have become a suitable target for attackers. Android Botnet is one of the most dangerous malwares because an attacker called Botmaster can control that remotely to perform destructive attacks. A number of researchers have used different well-known Machine Learning (ML) methods to recognize Android Botnets from benign applications. However, these conventional methods are not able to detect new sophisticated Android Botnets. In this paper, we propose a novel method based on Android permissions and Convolutional Neural Networks (CNNs) to classify Botnets and benign Android applications. Being the first developed method that uses CNNs for this aim, we also proposed a novel method to represent each application as an image which is constructed based on the co-occurrence of used permissions in that application. The proposed CNN is a binary classifier that is trained using these images. Evaluating the proposed method on 5450 Android applications consist of Botnet and benign samples, the obtained results show the accuracy of 97.2% and recall of 96% which is a promising result just using Android permissions.