A deep learning-enhanced botnet detection system based on Android manifest text mining

Android botnets remain a significant threat to mobile and IoT systems and networks as they continue to infect millions of devices worldwide. Therefore, there is a need to develop more effective solutions to tackle their spread. Hence, in this paper we propose a system for detecting Android botnets through automated text mining of the manifest files obtained from apps. The proposed method utilizes NLP techniques to extract features from the manifest files and a deep learning-based classification model is used to detect botnet applications. The classification model is implemented using CNN and a traditional machine learning classifier such as SVM, Random Forest or KNN. We performed experiments to evaluate the proposed system with 3858 Android applications consisting of 1929 botnet and 1929 benign samples. The results showed the best overall performance with the CNN-SVM hybrid model which had an average accuracy of 96.9% thus outperforming the singular machine learning classifiers.