Android Botnet Detection using Convolutional Neural Networks

Today, Android devices are capable of providing various services. They support applications for different purposes, such as entertainment, business, health, education, and banking services. Because of the functionality and popularity of Android devices as well as the open-source policy of Android OS, they have become a suitable target for attackers. An Android botnet is one of the most dangerous malware because an attacker called botmaster can remotely control that to perform destructive attacks. Several researchers have used different well-known Machine Learning (ML) methods to recognize Android botnets from benign applications. However, these conventional methods are not capable of detecting new sophisticated Android botnets. In this paper, we propose a novel method based on Android permissions and Convolutional Neural Networks (CNNs) to detect Android botnet applications. Being the first developed method that applies CNNs for this aim, we also proposed a novel method to represent each application as an image that is constructed based on the co-occurrence of permissions given to that application. The proposed CNN is a binary classifier that is trained using these images. Evaluating the proposed method on 5450 Android applications consist of botnet and benign samples, the obtained results show the accuracy of 97.2% and recall of 96%, which is a promising result only using Android permissions.