MUSE: Towards Robust and Stealthy Mobile Botnets via Multiple Message Push Services
详细信息    查看全文
  • 刊名:Lecture Notes in Computer Science
  • 出版年:2016
  • 出版时间:2016
  • 年:2016
  • 卷:9722
  • 期:1
  • 页码:20-39
  • 全文大小:2,086 KB
  • 参考文献:1.Anagnostopoulos, M., Kambourakis, G., Gritzalis, S.: New facets of mobile botnet: architecture and evaluation. Int. J. Inf. Secur. 1–19 (2015)
    2.Chen, W., Yin, C., Zhou, S., Yan, X.: Cloud-based mobile botnets using multiple push servers. In: 2015 Seventh International Symposium on Parallel Architectures, Algorithms and Programming (PAAP), pp. 183–189. IEEE (2015)
    3.Cui, X., Fang, B., Liao, P., Liu, C.: Advanced triple-channel botnets: model and implementation. In: Proceedings of CCS (2012)
    4.Cui, X., Fang, B., Yin, L., Liu, X., Zang, T.: Andbot: towards advanced mobile botnets. In: Proceedings of LEET (2011)
    5.Eslahi, M., Rostami, M.R., Hashim, H., Tahir, N.M., Naseri, M.V.: A data collection approach for mobile botnet analysis and detection. In: 2014 IEEE Symposium on Wireless Technology and Applications (ISWTA), pp. 199–204, September 2014
    6.Handy, M., Haase, M., Timmermann, D.: Low energy adaptive clustering hierarchy with deterministic cluster-head selection. In: Proceedings of IEEE MWCN (2002)
    7.Hua, J., Sakurai, K.: Botnet command and control based on short message service and human mobility. Comput. Netw. 57(2), 579–597 (2013)CrossRef
    8.Karim, A., Shah, S.A.A., Salleh, R.: New perspectives in information systems and technologies. In: Rocha, Á., Correia, A.M, Tan, F.B., Stroetmann, K.A. (eds.) Mobile Botnet Attacks: A Thematic Taxonomy, vol. 2, pp. 153–164. Springer International Publishing, Cham (2014). ISBN=978-3-319-05948-8
    9.Khattak, S., Ramay, N., Khan, K., Syed, A., Khayam, S.: A taxonomy of botnet behavior, detection, and defense. IEEE Commun. Surv. Tutor. 16(2), 898–924 (2014)CrossRef
    10.Lee, H., Kang, T., Lee, S., Kim, J., Kim, Y.: Punobot: mobile botnet using push notification service in android. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 124–137. Springer, Heidelberg (2014)CrossRef
    11.Luo, X., Chan, E., Zhou, P., Chang, R.: Robust network covert communications based on TCP and enumerative combinatorics. IEEE Trans. Dependable Secure Comput. 9(6), 890–902 (2012)CrossRef
    12.Luo, X., Zhou, H., Yu, L., Xue, L., Xie, Y.: Characterizing mobile *-box applications. Comput. Netw. 103, 228–239 (2016)CrossRef
    13.Mullaney, C.: Android.Bmaster: a million-dollar mobile botnet (2012). http://​goo.​gl/​sxpoNN
    14.Mulliner, C., Seifert, J.P.: Rise of the iBots: owning a telco network. In: Proceedings of IEEE MALWARE (2010)
    15.Pieterse, H., Olivier, M.: Design of a hybrid command and control mobile botnet. In: Proceedings of the 8th International Conference on Information Warfare and Security, ICIW 2013, p. 183. Academic Conferences Limited (2013)
    16.Rodríguez-Gómez, R., Maciá-Fernández, G., García-Teodoro, P.: Survey and taxonomy of botnet research through life-cycle. ACM Comput. Surv. 45(4), 45 (2013)CrossRef
    17.Silva, S., Silva, R., Pinto, R., Salles, R.: Botnets: a survey. Comput. Netw. 57(2), 378–403 (2013)CrossRef
    18.Singh, K., Sangal, S., Jain, N., Traynor, P., Lee, W.: Evaluating bluetooth as a medium for botnet command and control. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 61–80. Springer, Heidelberg (2010)CrossRef
    19.Traynor, P., Lin, M., Ongtang, M., Rao, V., Jaeger, T., McDaniel, P., La Porta, T.: On cellular botnets: measuring the impact of malicious devices on a cellular network core. In: Proceedings of ACM CCS (2009)
    20.Wang, P., Sparks, S., Zou, C.C.: An advanced hybrid peer-to-peer botnet. IEEE TDSC 7(2), 113 (2010)
    21.Wu, Z., Gianvecchio, S., Xie, M., Wang, H.: Mimimorphism: a new approach to binary code obfuscation. In: Proceedings of ACM CCS (2010)
    22.Zeng, Y., Shin, K.G., Hu, X.: Design of SMS commanded-and-controlled and P2P-structured mobile botnets. In: Proceedings of WiSec (2012)
    23.Zhao, S., Lee, P., Lui, J., Guan, X., Ma, X., Tao, J.: Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service. In: Proceedings of ACSAC (2012)
    24.Zhou, Y., Jiang, X.: An analysis of the AnserverBot trojan (2011). http://​goo.​gl/​Dz8qda
    25.Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: Proceedings of IEEE Symposium on Security and Privacy (2012)
  • 作者单位:Wei Chen (15)
    Xiapu Luo (16) (17)
    Chengyu Yin (15)
    Bin Xiao (16)
    Man Ho Au (16)
    Yajuan Tang (18)

    15. School of Computer, Nanjing University of Posts and Telecommunications, Nanjing, China
    16. Department of Computing, The Hong Kong Polytechnic University, Hung Hom, Hong Kong
    17. The Hong Kong Polytechnic University Shenzhen Research Institute, Shenzhen, China
    18. College of Engineering, Shantou University, Shantou, China
  • 丛书名:Information Security and Privacy
  • ISBN:978-3-319-40253-6
  • 刊物类别:Computer Science
  • 刊物主题:Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • 出版者:Springer Berlin / Heidelberg
  • ISSN:1611-3349
  • 卷排序:9722
文摘
Exploiting unique features in mobile networks and smartphones, mobile botnets pose a severe threat to mobile users, because smartphones have become an indispensable part of our daily lives and carried a lot of private information. However, existing mobile botnets usually rely on a single command and control channel (e.g., a push server or an SMS server) to disseminate commands, which can become the bottleneck or a single point of failure, without considering the robustness. In this paper, we propose MUSE, a novel multiple push service-based botnet, which can significantly outperform existing push-styled mobile botnets in terms of robustness, controllability, scalability, and stealthiness. Although the basic idea of using multiple push services seems straightforward, we explore the design space of exploiting such services and tackle several challenging issues to overcome the limitations of existing push-styled mobile botnets. We have implemented MUSE by exploiting ten popular push services and evaluated it through extensive experiments. The results demonstrate not only MUSE’s feasibility but also its advantages, such as stealthiness, controllability etc.

© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号

地址:北京市海淀区学院路29号 邮编:100083

电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700