A New Android Botnet Classification for GPS Exploitation Based on Permission and API Calls

Abstract

The target of botnet attacks has shifted from the personal computers to smartphones and mobile devices due to computational power and functionality of the mobile devices. Mobile botnet is a network consists of compromised mobile devices controlled by a botmaster through a command and control (C&C) network. Nowadays mobile botnets attacks are increasingly being used for advanced political or financial interest. Due to its popularity amongst the mobile operating system, Android has become the most targeted platform by the mobile botnets. The popularity of Android attracts the attackers to develop malicious applications with the botnet capability to hijack users’ devices. In this paper, a new Android botnet classification based on GPS exploitation based on permissions and API calls is proposed using feature selection. The training was carried out using malware dataset from the Drebin and tested using 800 mobile apps from the Google Play store. The experiment was conducted using static analysis and open source tools in a controlled lab environment. This new classification can be used as a reference for other researchers in the same field to secure against GPS exploitation from Android botnet attacks.