I have research in GCM based mobile botnet attacks which use push notification as command and control channel. The botnet approach is very stealthy and silent because of other legitimate applications also using GCM push notification.
How can one distinguish the applications which use push notification as command and control?
Use bayesian for the prediction modeling of this kind of situation which will help you finding the legitimate and botnet based push. Usually, the botnet push is abnormal and you have to benchmark it.
Thank you Adnan, It seems an interesting answer but can you please more elaborate?
FYI, I am using a simple Google Cloud Messaging service model for detecting all the traffic between server and devices. But my main problem is push message is delivered by Google's legitimate server.
You can visit this :
http://securityaffairs.co/wordpress/17101/cyber-crime/android-malware-uses-google-cloud-messaging-service-as-cc-server.html
It is always normal. If u just flood a DDoS on any server whether it is hotmail, gmail or yahoo. It does the same service. You cannot do any thing on their behalf. You job is how to identify a normal and abnormal push. Just leave the google part and when u are successful then do propose it as a solution for the google. This is what we call it fruitful research
- Badges
- Science topic
- Similar topics
- Papers