Mobile Botnet Detection Using Network Forensics

  • Ickin Vural
  • Hein Venter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6369)


Malicious software (malware) infects large numbers of computers around the world. This malware can be used to promote unwanted products, disseminate offensive content, or provide unauthorized access to personal and financial information. Until recently, mobile networks have been relatively isolated from the Internet, so there has been little need to protect them against Botnets. Mobile networks are now well integrated with the Internet, so threats on the Internet such as Botnets have started to migrate onto mobile networks. Botnets on mobile devices will probably appear very soon; there are already signs that this is happening. This paper studies the potential threat of Botnets based on mobile networks and proposes the use of computational intelligence techniques to detect Botnets. We then simulate anomaly detection and interpret the simulated values.


Keywords: Botnet, mobile, malware, computational intelligence, network forensics





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Ickin Vural (1)
  • Hein Venter (1)
  1. Department of Computer Science, University of Pretoria, Pretoria
