Research On Technologies Of Moblie Botnets With Multiple Message Push Servers

With the efficient Mobile Internet access and increasing powerful computing capabilities of mobile device, the mobile botnet has becoming an emerging threat in the mobile Internet. A mobile botnet can easily steal user private information from lots of compromised smartphones and cause financial loss to victims. However, the existing push-styled mobile botnets usually rely on a single command and control channel with one push server to disseminate commands, which can become a single point of failure or bottleneck. The attacker may exploit a botnet with better performance in real-world situations.This thesis proposes a novel cloud based mobile botnet using multiple push servers and researchs on technologies of this mobile botnet. Firstly, designing botnet architecture based on a hybrid structure to scale the botnet. To solve the single point failure in the centralized structure, multiple push servers are proposed to replace single push server. The hybrid structure is implemented with different bot identities, identity switch algorithm and Trible-Channel model on the basic of multiple push servers. The robustness and scalability of the botnet architecture is also analyzed. Secondly, designing the command and control of multiple push servers to schedule the hybrid command and control channel. In the metrics model of push servers, the path delay is measured to note the server performance and The DBSCAN cluster algorithm is used to group bots in order to reduce the scheduling cost. Then the HTTP Restful interface and weighted-round robin algorithm is introduced to compose and disseminate commands. A botnet recover command with low traffic cost is also designed.Finally, experiment is implemented with ten popular push services. The botnet prototype is established and the command and control stimulation is conducted. Experimental results demonstrate that the proposed mobile botnet significantly outperform existing proposed push-styled mobile botnets in terms of robustness, scalability, strealthiness and controllability, making it possible to design the detection algorithm.