Mobile network anomaly detection and mitigation: The NEMESYS approach

Mobile malware and mobile network attacks are becoming a significant threat that accompanies the increasing popularity of smart phones and tablets. Thus in this paper we present our research vision that aims to develop a network-based security solution combining analytical modelling, simulation and learning, together with billing and control-plane data, to detect anomalies and attacks, and eliminate or mitigate their effects, as part of the EU FP7 NEMESYS project. These ideas are supplemented with a careful review of the state-of-the-art regarding anomaly detection techniques that mobile network operators may use to protect their infrastructure and secure users against malware

Invesitigation of Malware and Forensic Tools on Internet

Malware is an application that is harmful to your forensic information. Basically, malware analyses is the process of analysing the behaviours of malicious code and then create signatures to detect and defend against it.Malware, such as Trojan horse, Worms and Spyware severely threatens the forensic security. This research observed that although malware and its variants may vary a lot from content signatures, they share some behaviour features at a higher level which are more precise in revealing the real intent of malware. This paper investigates the various techniques of malware behaviour extraction and analysis. In addition, we discuss the implications of malware analysis tools for malware detection based on various techniques

MBotCS: A mobile botnet detection system based on machine learning

As the use of mobile devices spreads dramatically, hackers have started making use of mobile botnets to steal user information or perform other malicious attacks. To address this problem, in this paper we propose a mobile botnet detection system, called MBotCS. MBotCS can detect mobile device traffic indicative of the presence of a mobile botnet based on prior training using machine learning techniques. Our approach has been evaluated using real mobile device traffic captured from Android mobile devices, running normal apps and mobile botnets. In the evaluation, we investigated the use of 5 machine learning classifier algorithms and a group of machine learning box algorithms with different validation schemes. We have also evaluated the effect of our approach with respect to its effect on the overall performance and battery consumption of mobile devices

An integrated networkbased mobile botnet detection system

The increase in the use of mobile devices has made them target for attackers, through the use of sophisticated malware. One of the most significant types of such malware is mobile botnets. Due to their continually evolving nature, botnets are difficult to tackle through signature and traditional anomaly based detection methods. Machine learning techniques have also been used for this purpose. However, the study of their effectiveness has shown methodological weaknesses that have prevented the emergence of conclusive and thorough evidence about their merit. To address this problem, in this thesis we propose a mobile botnet detection system, called MBotCS and report the outcomes of a comprehensive experimental study of mobile botnet detection using supervised machine learning techniques to analyse network traffic and system calls on Android mobile devices. The research covers a range of botnet detection scenarios that is wider from what explored so far, explores atomic and box learning algorithms, and investigates thoroughly the sensitivity of the algorithm performance on different factors (algorithms, features of network traffic, system call data aggregation periods, and botnets vs normal applications and so on). These experiments have been evaluated using real mobile device traffic, and system call captured from Android mobile devices, running normal apps and mobile botnets. The experiments study has several superiorities comparing with existing research. Firstly, experiments use not only atomic but also box ML classifiers. Secondly, a comprehensive set of Android mobile botnets, which had not been considered previously, without relying on any form of synthetic training data. Thirdly, experiments contain a wider set of detection scenarios including unknown botnets and normal applications. Finally, experiments include the statistical significance of differences in detection performance measures with respect to different factors. The study resulted in positive evidence about the effectiveness of the supervised learning approach, as a solution to the mobile botnet detection problem