Android Botnet Detection using Convolutional Neural Networks

TL;DR

This paper introduces a novel CNN-based method for detecting Android botnets by transforming permission data into images, achieving high accuracy and recall on a dataset of over 5,000 applications.

Contribution

It is the first to use CNNs with permission-based image representations for Android botnet detection, improving detection of sophisticated malware.

Findings

Accuracy of 97.2% on test data

Recall of 96% indicating effective detection

First CNN application for Android botnet detection

Abstract

Today, Android devices are able to provide various services. They support applications for different purposes such as entertainment, business, health, education, and banking services. Because of the functionality and popularity of Android devices as well as the open-source policy of Android OS, they have become a suitable target for attackers. Android Botnet is one of the most dangerous malwares because an attacker called Botmaster can control that remotely to perform destructive attacks. A number of researchers have used different well-known Machine Learning (ML) methods to recognize Android Botnets from benign applications. However, these conventional methods are not able to detect new sophisticated Android Botnets. In this paper, we propose a novel method based on Android permissions and Convolutional Neural Networks (CNNs) to classify Botnets and benign Android applications. Being the first developed method that uses CNNs for this aim, we also proposed a novel method to represent each application as an image which is constructed based on the co-occurrence of used permissions in that application. The proposed CNN is a binary classifier that is trained using these images. Evaluating the proposed method on 5450 Android applications consist of Botnet and benign samples, the obtained results show the accuracy of 97.2% and recall of 96% which is a promising result just using Android permissions.