DeDroid: A Mobile Botnet Detection Approach Based on Static Analysis

Mobile botnet phenomenon is gaining popularity among malware writers in order to exploit vulnerabilities in smartphones. In particular, mobile botnets enable illegal access to a victim´s smartphone and can compromise critical user data and launch a DDoS attack through Command and Control (C&C). In this paper, we propose a static analysis approach called DeDroid, to investigate botnet-specific properties that can be used to detect mobile botnets. Initially, we identify critical features by observing coding behavior of the few known malware binaries having C&C features. Then we compare the identified features with the Drebin dataset of malicious applications and come to the conclusion that Drebin dataset has 35 percent applications which qualify as botnets. To confirm this result, we used Virus Total as a reference point which also showed comparable results of botnet detection.