Android botnet detection: An integrated source code mining approach

2017 
Android is one of the most popular smartphone operating systems, which makes it one of the default targets for malicious cyber-attacks. Android's Play Store is not very restrictive, which makes installing malicious apps easy. Botnets are amongst the most dangerous hacking approaches in use on the internet today. It is common for botnet developers to target smartphone users to install their malicious tools and so reach a larger number of devices. This is often done to gain access to sensitive data such as credit card details, or to cause damage to individual hosts or organisation resources by executing denial-of-service attacks. In this paper, we propose an approach to identify botnet Android mobile apps by means of source code mining. We analyse the source code of several examples of malicious and non-malicious apps via reverse engineering and data mining techniques. We use two approaches to build datasets. In the first, we perform text mining on the source code and construct several datasets; in the second, we build one dataset by extracting source code metrics using an open-source tool. After building the datasets, we run several classification algorithms and assess their performance. Initial results show a high level of accuracy.