Date of Award
6-2012
Document Type
Thesis
Degree Name
Master of Science
Department
Department of Electrical and Computer Engineering
First Advisor
Robert F. Mills, PhD.
Abstract
This thesis addresses the emerging threat of botnets in the smartphone domain and focuses on the Android platform and botnets using short message service (SMS) as the command and control (C2) channel. With any botnet, C2 is the most important component contributing to its overall resilience, stealthiness, and effectiveness. This thesis develops a passive host-based approach for identifying covert SMS traffic and providing awareness to the user. The kernel is modified and this awareness mechanism implemented by developing and inserting a loadable kernel module that logs all inbound SMS messages as they are sent from the baseband radio to the application processor. The design is successfully implemented on an HTC Nexus One Android smartphone and validated with tests using an Android SMS bot from the literature. The module successfully logs all messages, including bot messages that are hidden from user applications. Suspicious messages are then identified by comparing the SMS application message list with the kernel log's list of events. This approach lays the groundwork for future host-based countermeasures for smartphone botnets and SMS-based botnets.
AFIT Designator
AFIT-GCO-ENG-12-21
DTIC Accession Number
ADA562722
Recommended Citation
Olipane, Robert J., "Short Message Service (SMS) Command and Control (C2) Awareness in Android-based Smartphones using Kernel-Level Auditing" (2012). Theses and Dissertations. 1142.
https://scholar.afit.edu/etd/1142