Design of a hybrid command and control mobile botnet

Pieterse, Heloise

January 2014

Mobile devices have excelled in the 21st century due to the increasing popularity and continuous improvement of mobile technology. Today mobile devices have become all-in-one portable devices, providing inter-connectivity, device-to-device communication and the capability to compete with personal computers. The improved capabilities and popularity of mobile devices have, however, caught the attention of botnet developers, allowing the threat of botnets to move into the mobile environment. A mobile botnet is de fined as a collection of compromised mobile devices, controlled by a botmaster through a command and control (C&C) network to serve a malicious purpose. Previous studies of mobile botnet designs focused mostly on the C&C structure, investigating other mechanisms as potential C&C channels. None of these studies dealt with the use of a hybrid C&C structure within a mobile botnet design. This research consequently examines the problem of designing a new mobile botnet that uses a hybrid C&C structure. A model of this new hybrid design is proposed, describing the propagation vectors, C&C channels, and the topology. This hybrid design, called the Hybrid Mobile Botnet, explores the efficiency of multiple C&C channels against the following characteristics: no single point of failure must exist in the topology, low cost for command dissemination, limited network activities and low battery consumption per bot. The objectives were measured by using a prototype built according to the Hybrid Mobile Botnet model. The prototype was deployed on a small collection of mobile devices running the Android operating system. In addition, the prototype allowed for the design of a physical Bluetooth C&C channel, showing that such a channel is feasible, able to bypass security and capable of establishing a stealthy C&C channel. The successful execution of the prototype shows that a hybrid C&C structure is possible, allowing for a stealthy and cost-eff ective design. It also revels that current mobile technology is capable of supporting the development and execution of hybrid mobile botnets. Finally, this dissertation concludes with an exploration of the future of mobile botnets and the identifi cation of security steps users of mobile devices can follow to protect against their attacks. / Dissertation (MSc)--University of Pretoria, Pretoria 2014 / Computer Science / unrestricted

Mobile botnet

UCTD

M14/9/456s/gm

Impact of mobile botnet on long term evolution networks: a distributed denial of service attack perspective

Kitana, Asem

31 March 2021

In recent years, the advent of Long Term Evolution (LTE) technology as a prominent component of 4G networks and future 5G networks, has paved the way for fast and new mobile web access and application services. With these advantages come some security concerns in terms of attacks that can be launched on such networks. This thesis focuses on the impact of the mobile botnet on LTE networks by implementing a mobile botnet architecture that initiates a Distributed Denial of Service (DDoS) attack. First, in the quest of understanding the mobile botnet behavior, a correlation between the mobile botnet impact and different mobile device mobility models, is established, leading to the study of the impact of the random patterns versus the uniform patterns of movements on the mobile botnet’s behavior under a DDoS attack. Second, the impact of two base transceiver station selection mechanisms on a mobile botnet behavior launching a DDoS attack on a LTE network is studied, the goal being to derive the effect of the attack severity of the mobile botnet. Third, an epidemic SMS-based cellular botnet that uses an epidemic command and control mechanism to initiate a short message services (SMS) phishing attack, is proposed and its threat impact is studied and simulated using three random graphs models. The simulation results obtained reveal that (1) in terms of users’ mobility patterns, the impact of the mobile botnet behavior under a DDoS attack on a victim web server is more pronounced when an asymmetric mobility model is considered compared to a symmetric mobility model; (2) in terms of base transceiver station selection mechanisms, the Distance-Based Model mechanism yields a higher threat impact on the victim server compared to the Signal Power Based Model mechanism; and (3) under the Erdos-and-Reyni Topology, the proposed epidemic SMS-based cellular botnet is shown to be resistant and resilient to random and selective cellular device failures. / Graduate

Mobile Botnet

LTE

Long Term Evolution Network

Distributed Denial of Service Attack

DDoS

Cellular Botnet

Botnet

Cybersecurity

Cyber Security

Cyber Attacks