Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service

Authors:
Shuang Zhao;Patrick P. C. Lee;John C. S. Lui;Xiaohong Guan;Xiaobo Ma;Jing Tao
Affiliations:
Xi'an Jiatong University, China and Chinese Academy of Sciences, China;The Chinese University of Hong Kong, Hong Kong;The Chinese University of Hong Kong, Hong Kong;Xi'an Jiatong University, China;Xi'an Jiatong University, China;Xi'an Jiatong University, China
Venue:
Proceedings of the 28th Annual Computer Security Applications Conference
Year:
2012

Citing 11
Cited 0

A Proposal of Metrics for Botnet Detection Based on Its Cooperative Behavior

SAINT-W '07 Proceedings of the 2007 International Symposium on Applications and the Internet Workshops
Botnet Detection by Monitoring Group Activities in DNS Traffic

CIT '07 Proceedings of the 7th IEEE International Conference on Computer and Information Technology
BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

SS'08 Proceedings of the 17th conference on Security symposium
On cellular botnets: measuring the impact of malicious devices on a cellular network core

Proceedings of the 16th ACM conference on Computer and communications security
Accurate online power estimation and automatic battery behavior based power model generation for smartphones

CODES/ISSS '10 Proceedings of the eighth IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis
Evaluating Bluetooth as a medium for botnet command and control

DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Social network-based botnet command-and-control: emerging threats and countermeasures

ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Mobile botnet detection using network forensics

FIS'10 Proceedings of the Third future internet conference on Future internet
Andbot: towards advanced mobile botnets

LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
A SMS-based mobile Botnet using flooding algorithm

WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Design of SMS commanded-and-controlled and P2P-structured mobile botnets

Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Given the popularity of smartphones and mobile devices, mobile botnets are becoming an emerging threat to users and network operators. We propose a new form of cloud-based push-styled mobile botnets that exploits today's push notification services as a means of command dissemination. To motivate its practicality, we present a new command and control (C&C) channel using Google's Cloud to Device Messaging (C2DM) service, and develop a C2DM botnet specifically for the Android platform. We present strategies to enhance its scalability to large botnet coverage and its resilience against service disruption. We prototype a C2DM botnet, and perform evaluation to show that the C2DM botnet is stealthy in generating heartbeat and command traffic, resource-efficient in bandwidth and power consumptions, and controllable in quickly delivering a command to all bots. We also discuss how one may deploy a C2DM botnet, and demonstrate its feasibility in launching an SMS-Spam-and-Click attack. Lastly, we discuss how to generalize the design to other platforms, such as iOS or Window-based systems, and recommend possible defense methods. Given the wide adoption of push notification services, we believe that this type of mobile botnets requires special attention from our community.