TY - JOUR
T1 - Botnet command and control based on Short Message Service and human mobility
AU - Hua, Jingyu
AU - Sakurai, Kouichi
N1 - Copyright:
Copyright 2013 Elsevier B.V., All rights reserved.
PY - 2013/2/4
Y1 - 2013/2/4
N2 - Many serious threats for PCs are spreading to the mobile environment. A mobile botnet, which is a collection of hijacked smartphones under the control of hackers, is one of them. With the quick development of the computing and communication abilities of smartphones, many command and control (C&C) techniques in PC botnets can be easily reused in mobile botnets. However, some particular functions and characteristics of smartphones may provide botmasters with additional means to control their mobile botnets. This paper presents two special C&C mechanisms that leverage Short Message Service and human mobility, respectively. The first one designs a SMS-based flooding algorithm to propagate commands. We theoretically prove that the uniform random graph is the optimal topology for this botnet, and demonstrate its high efficiency and stealth with various simulations. The second one utilizes Bluetooth to transmit botnet commands when hijacked smartphones encounter each other while in motion. We study its performance in a 100 m × 100 m square area with NS-2 simulations, and show that human-mobility characteristics facilitate the command propagation. Even if the infection rate is low, the command can still be effectively propagated provided that the mobility of devices is high. In the end, we propose effective defense strategies against these two special C&C mechanisms.
AB - Many serious threats for PCs are spreading to the mobile environment. A mobile botnet, which is a collection of hijacked smartphones under the control of hackers, is one of them. With the quick development of the computing and communication abilities of smartphones, many command and control (C&C) techniques in PC botnets can be easily reused in mobile botnets. However, some particular functions and characteristics of smartphones may provide botmasters with additional means to control their mobile botnets. This paper presents two special C&C mechanisms that leverage Short Message Service and human mobility, respectively. The first one designs a SMS-based flooding algorithm to propagate commands. We theoretically prove that the uniform random graph is the optimal topology for this botnet, and demonstrate its high efficiency and stealth with various simulations. The second one utilizes Bluetooth to transmit botnet commands when hijacked smartphones encounter each other while in motion. We study its performance in a 100 m × 100 m square area with NS-2 simulations, and show that human-mobility characteristics facilitate the command propagation. Even if the infection rate is low, the command can still be effectively propagated provided that the mobility of devices is high. In the end, we propose effective defense strategies against these two special C&C mechanisms.
UR - http://www.scopus.com/inward/record.url?scp=84875220585&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84875220585&partnerID=8YFLogxK
U2 - 10.1016/j.comnet.2012.06.007
DO - 10.1016/j.comnet.2012.06.007
M3 - Article
AN - SCOPUS:84875220585
VL - 57
SP - 579
EP - 597
JO - Computer Networks
JF - Computer Networks
SN - 1389-1286
IS - 2
ER -