TY - JOUR
T1 - Botnet command and control based on Short Message Service and human mobility
AU - Hua, Jingyu
AU - Sakurai, Kouichi
N1 - Funding Information:
The authors thank the anonymous reviewers, guest editors and Dr. Harry Rudin (Editor-in-Chief) for their insightful comments and suggestions that helped to improve the quality of this paper. Jingyu Hua received the B.E. degree and M.E. degree in software engineering from Dalian University of Technology in 2007 and 2009, respectively. Now he is a Ph.D. candidate in Kyushu University, supported by China Governmental Scholarship. His current research interests include intrusion detection, malware modeling and prevention. Kouichi Sakurai received the B.S. degree in mathematics from Faculty of Science, Kyushu University and the M.S. degree in applied science from the Faculty of Engineering, Kyushu University in 1986 and 1988, respectively. He was engaged in research and development on cryptography and information security at the Computer and Information Systems Laboratory of Mitsubishi Electric Corporation from 1988 to 1994. He received his doctorate in engineering from the Faculty of Engineering, Kyushu University in 1993. From 1994, he worked for the Department of Computer Science of Kyushu University as an associate professor, and became a full professor in 2002. His current research interests are in cryptography and information security. He is a member of the Information Processing Society of Japan, the Mathematical Society of Japan, ACM, IEEE and the International Association for Cryptologic Research.
PY - 2013/2/4
Y1 - 2013/2/4
N2 - Many serious threats for PCs are spreading to the mobile environment. A mobile botnet, which is a collection of hijacked smartphones under the control of hackers, is one of them. With the quick development of the computing and communication abilities of smartphones, many command and control (C&C) techniques in PC botnets can be easily reused in mobile botnets. However, some particular functions and characteristics of smartphones may provide botmasters with additional means to control their mobile botnets. This paper presents two special C&C mechanisms that leverage Short Message Service and human mobility, respectively. The first one designs a SMS-based flooding algorithm to propagate commands. We theoretically prove that the uniform random graph is the optimal topology for this botnet, and demonstrate its high efficiency and stealth with various simulations. The second one utilizes Bluetooth to transmit botnet commands when hijacked smartphones encounter each other while in motion. We study its performance in a 100 m × 100 m square area with NS-2 simulations, and show that human-mobility characteristics facilitate the command propagation. Even if the infection rate is low, the command can still be effectively propagated provided that the mobility of devices is high. In the end, we propose effective defense strategies against these two special C&C mechanisms.
AB - Many serious threats for PCs are spreading to the mobile environment. A mobile botnet, which is a collection of hijacked smartphones under the control of hackers, is one of them. With the quick development of the computing and communication abilities of smartphones, many command and control (C&C) techniques in PC botnets can be easily reused in mobile botnets. However, some particular functions and characteristics of smartphones may provide botmasters with additional means to control their mobile botnets. This paper presents two special C&C mechanisms that leverage Short Message Service and human mobility, respectively. The first one designs a SMS-based flooding algorithm to propagate commands. We theoretically prove that the uniform random graph is the optimal topology for this botnet, and demonstrate its high efficiency and stealth with various simulations. The second one utilizes Bluetooth to transmit botnet commands when hijacked smartphones encounter each other while in motion. We study its performance in a 100 m × 100 m square area with NS-2 simulations, and show that human-mobility characteristics facilitate the command propagation. Even if the infection rate is low, the command can still be effectively propagated provided that the mobility of devices is high. In the end, we propose effective defense strategies against these two special C&C mechanisms.
UR - http://www.scopus.com/inward/record.url?scp=84875220585&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84875220585&partnerID=8YFLogxK
U2 - 10.1016/j.comnet.2012.06.007
DO - 10.1016/j.comnet.2012.06.007
M3 - Article
AN - SCOPUS:84875220585
SN - 1389-1286
VL - 57
SP - 579
EP - 597
JO - Computer Networks
JF - Computer Networks
IS - 2
ER -