Android botnet detection using machine learning

A botnet is a network of agreed nodes spreading malware software, usually installed by all varieties of attacking methods likes worms, Trojan horses, and viruses. Many techniques have recently been proposed to block mobile malware or detect it. But our model is different on another that proposed before, it focused on 81 attributes that collected from network traffic features. We tested ten of android botnet, which are Beanbot, Biige, Fakeinst, FakeMart, FakeNotify, Jifake, Mazarbot, Nandrobox, Plankton, and SMSsniffer using Weka machine learning. We have 32762 instances, which classified as attack and not attack. We used WEKA machine learning and we tested SMO, Random Tree, J48, Naïve Bayes and LMT algorithms. The best result to classify the botnet attack was 85%. The contribution of this paper is detected major of android botnet in different scenario because we are using 81 attributes. In future work, we will attach new sub algorithm in machine learning, to improve accuracy of the result of detecting more mobile malware. © 2020 International Information and Engineering Technology Association. All rights reserved.