Mobile devices have become the most widely used technology, but they are also vulnerable to botnet-related malware. One example is FluBot, a botnet malware that specifically targets mobile devices. FluBot uses Domain Generation Algorithms (DGA) to communicate with its Command and Control Server (C2). To address this issue, MONDEO was developed as a lightweight solution that can detect DNS-based botnet malware without requiring software deployment or configuration on mobile devices. MONDEO consists of four detection stages: Blacklisting/Whitelisting, Query rate analysis, DGA analysis, and Machine learning evaluation. It has been tested on various datasets and has demonstrated high efficiency and performance, particularly with RandomForest classifiers. The implementation of MONDEO can be found on GitHub.
Mondeo: A Multistage Approach for Detecting Botnets
