Detection of Mobile Botnet Using VPN

Abstract

As most applications in wired networks become available on mobile devices and mobile networks are well integrated with Internet, Botnet becomes the most significant threat to mobile devices. We propose a mobile Botnet detection scheme that detects "pull" style C&C channel. Our network-based scheme detects Botnet by inspecting abnormal flow features of C&C traffic traveling through VPN which provides a shared path for both 3/4G and WiFi. Through the verification analysis under real Botnet attacks, we show that our proposed scheme provides high detection rate by using abnormal models as well as low FP rate by adding white list and signatures.