Abstract
As the use of Android mobile phones grows, botnets are increasingly targeting smartphone features, which calls for further research on mobile botnet detection. Short Message Service (SMS) is increasingly targeted by a number of malicious applications ("apps") that can abuse SMS features to send spam, to transfer command and control (C&C) instructions, to distribute malicious applications via URLs embedded in text messages, to send text messages to premium-rate numbers, and to exploit smartphones. In this paper, we propose an SMS-based mobile botnet detection module that employs unsupervised learning techniques, using clustering algorithms to group SMS messages into four classes and to classify reported text messages into one of those four classes. The module also uses a robust and efficient behavioural profiling analysis to detect whether there is any correlation between cluster outputs and alerts from reported profiles. Rule-based correlations are used to label SMS messages as either normal or malicious.