An Efficient Bot Detection Mechanism in Smartphones

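  • Woo-Jin Choi (Department of Computer Engineering, Korea Polytechnic University) ;
  • Ji-Yeon Park (SW Engineer, LG Electronics) ;
  • Jin-Man Jung (Department of Information and Communication Engineering, Hannam University) ;
  • Jun-Young Heo (Department of Computer Engineering, Hansung University) ;
  • Gwang-Il Jeon (Department of Computer Engineering, Korea Polytechnic University)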
  • Received : 2015.01.17
  • Accepted : 2015.02.13
  • Published : 2015.02.28

Abstract

Recently, with the increasing use of smartphones, security threats have also increased rapidly. A compromised smartphone is especially dangerous because it can be exploited in DDoS attacks such as cyberterrorism as well as for leaking personal information. However, most bot detection mechanisms are still unsuitable for smartphones, with their lower computing capability and limited battery capacity, because they incur additional computational overhead or require pre-defined signatures. In this paper, we present an efficient bot detection mechanism for smartphones. Our mechanism effectively detects bots in outgoing traffic by using the correlation between user events and network traffic. We have implemented a prototype on an Android smartphone and measured its performance. The evaluation results show that our mechanism detects bots in smartphones with low overhead.

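With the recent rapid spread of smartphones, security threats of various kinds are increasing. Among them, an infected smartphone is very dangerous because it can be abused not only to leak personal information but also in DDoS attacks such as cyberterrorism. However, existing mechanisms are either unsuitable for battery-powered smartphones or require separate storage. In this paper, we propose an efficient bot detection mechanism for smartphones. Unlike existing mechanisms, which inspect incoming traffic, the proposed mechanism inspects only outgoing traffic, so it is more energy-efficient on smartphones, where outgoing traffic is smaller than incoming traffic. In addition, by collecting log information about events that cause unintended traffic on an external integrated server, it can detect botnets as well as bots. We implemented the proposed mechanism on an Android smartphone and evaluated its performance, confirming that it detects bots effectively.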
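The correlation idea in the abstract can be sketched as follows. This is an added example, not the paper's implementation: the 5-second window, the two-device threshold, the record layout and all names are assumptions, and the sample logs are constructed.

```python
from bisect import bisect_right
from collections import defaultdict

WINDOW_S = 5.0      # assumed: max delay between a user event and traffic it causes
MIN_DEVICES = 2     # assumed: devices that must report a destination to flag a botnet

def unintended_flows(user_events, flows, window=WINDOW_S):
    """Return outgoing flows with no user event in the preceding `window` seconds.

    user_events: sorted list of event timestamps (touch, key press) in seconds.
    flows: list of (timestamp, app, dst) tuples for outgoing connections only.
    """
    flagged = []
    for ts, app, dst in flows:
        i = bisect_right(user_events, ts)          # number of events at or before ts
        last = user_events[i - 1] if i else None
        if last is None or ts - last > window:
            flagged.append((ts, app, dst))
    return flagged

def botnet_candidates(reports, min_devices=MIN_DEVICES):
    """Server side: destinations flagged as unintended by >= min_devices devices."""
    seen = defaultdict(set)
    for device, flagged in reports.items():
        for _ts, _app, dst in flagged:
            seen[dst].add(device)
    return {dst: sorted(devs) for dst, devs in seen.items() if len(devs) >= min_devices}

# Constructed sample data (documentation addresses, not real indicators).
DEVICE_LOGS = {
    "phone-a": ([10.0, 42.5],
                [(10.8, "browser", "198.51.100.7:443"),
                 (300.0, "flashlight", "203.0.113.9:6667")]),
    "phone-b": ([5.0],
                [(6.2, "mail", "198.51.100.20:993"),
                 (120.0, "wallpaper", "203.0.113.9:6667"),
                 (500.0, "weather", "192.0.2.44:80")]),
}

def run():
    reports = {dev: unintended_flows(ev, fl) for dev, (ev, fl) in DEVICE_LOGS.items()}
    return reports, botnet_candidates(reports)

if __name__ == "__main__":
    reports, botnets = run()
    for dev, flagged in reports.items():
        print(dev, flagged)
    print("botnet candidates:", botnets)
```

Legitimate background sync also has no preceding user event, so the per-device output is only a set of candidates; the server-side aggregation is what separates a destination shared across devices from one-off background traffic.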
