Multimedia Tools and Applications

, Volume 76, Issue 4, pp 6079–6096 | Cite as

A multi-feature approach to detect Stegobot: a covert multimedia social network botnet



Online Multimedia Social Networks(OSNs) are popular and efficient medium for millions of users. Unfortunately, in wrong hands, they are also effective medium for spreading social malware and propagation of social botnet. A newly proposed multimedia social network threat, Stegobot masks crucial information in a digital image by using a technique known as steganography. Stegobot works by first infecting a computer and then communicates the stolen information, which could be login passwords, bank account details or credit card numbers. Also it efficiently utilizes the advantage of image steganography to hide the presence of communication within the image sharing behavior of OSNs. Since these social bots exhibit unobservable communication channels, existing botnet detection mechanisms cannot be applied to such botnets. In this paper, we present a novel host based method for detecting and differentiating Stegobot profiles. Also the proposed method shows the ability to detect Stegobot network traffic which is inherently different from legitimate multimedia social network traffic. The best performance of our detection system is demonstrated on different social networks data set with different evaluation metrics. Multiple aspects of multimedia attributes proposed in this study help to explore the hidden communication structure of botnet. Stegobot profiles mimic genuine users and compromise other vulnerable users in social network. By using single view features alone it is very difficult to detect bot profiles as well as Stegobot communications and hence in this work a multi-feature approach is considered. Also, this work attempts to help network security experts and forensic analysts to understand the Stegobot communication and the key profiles inside the malicious network.


Multimedia Social Network Botnet Stegobot traffic Image steganography Malicious profile Botnet detection 


  1. 1.
    Angelopoulou O (2007) ID Theft: A computer forensics’ investigation Framework. School of Computer and Information Science. Edith Cowan University, PerthGoogle Scholar
  2. 2.
    Benevenuto F, Rodrigues T, Almeida V, Almeida J, Gonalves M (2009) Detecting spammers and content promoters in online video social networks. In: Proceedings of the 32nd international ACM SIGIR conference on Research and development in information retrieval, pp 620–627Google Scholar
  3. 3.
    Boshmaf Y, Muslukhov I, Beznosov K, Ripeanu M (2013) Design and analysis of a social Botnet. Comput Netw 57(2):556–578CrossRefGoogle Scholar
  4. 4.
    Buscarino A, Frasca M, Fortuna L, Fiore A.S (2012) A new model for growing social networks. IEEE Syst J 6(3):531–538CrossRefGoogle Scholar
  5. 5.
    Cao Q, Sirivianos M, Yang X, Pregueiro T (2012) Aiding the detection of fake accounts in large scale social online services. In: Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation (pp. 15-15). USENIX AssociationGoogle Scholar
  6. 6.
    Castillo C, Donato D, Gionis A, Murdock V, Silvestri F (2007) Know your neighbors: Web spam detection using the web topology. In: Proceedings of the 30th annual international ACM SIGIR conference on Research and development in information retrieval, pp 423–430Google Scholar
  7. 7.
    Ellison NB (2007) Social network sites: Definition, history, and scholarship. J Comput.-Mediat Commun 13(1):210–230MathSciNetCrossRefGoogle Scholar
  8. 8.
    Fedynyshyn G, Chuah MC, Tan G (2011) Detection and classification of different Botnet C & C channels. In: Autonomic and Trusted Computing. Springer, Berlin, pp 228–242Google Scholar
  9. 9.
    Fire M, Katz G, Elovici Y (2012) Strangers intrusion detection-detecting spammers and fake proles in social networks based on topology anomalies. HUMAN 1 (1):26Google Scholar
  10. 10.
    Fridrich J, Goljan M, Hogea D (2003) Steganalysis of JPEG images: Breaking the F5 algorithm. In: Information Hiding. Springer, Berlin, pp 310–323Google Scholar
  11. 11.
    Gao H, Hu J, Wilson C, Li Z, Chen Y, Zhao BY (2010) Detecting and characterizing social spam campaigns. In: Proceedings of the 10th ACM SIGCOMM conference on Internet measurement, pp 35–47Google Scholar
  12. 12.
    Gowacz A, Grega M, Gwiazda P, Janowski L, Leszczuk M, Romaniak P, Romano S.P (2010) Automated qualitative assessment of multi-modal distortions in digital images based on GLZ. Ann Telecommun-annales des tlcommunications 65 (1-2):3–17CrossRefGoogle Scholar
  13. 13.
    Perdisci GR, Zhang J, Lee W (2008) Botminer: Clustering analysis of network traffic for protocol-and structure-independent Botnet detection. In: USENIX Security Symposium, vol 5, pp 139–154Google Scholar
  14. 14.
    Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten I.H (2009) The WEKA Data Mining Software: An update. ACM SIGKDD Explor Newsl 11(1):10–18CrossRefGoogle Scholar
  15. 15.
    Hughes D, Rayson P, Walkerdine J, Lee K, Greenwood P, Rashid A, Brennan M (2008) Supporting law enforcement in digital communities through natural language analysis. In: Computational Forensics. Springer, Berlin, pp 122–134Google Scholar
  16. 16.
    Jegou H, Douze M, Schmid C (2008) Hamming embedding and weak geometric consistency for large scale image search. In: Computer VisionECCV 2008. Springer, Berlin, pp 304–317Google Scholar
  17. 17.
    Kodovsk J, Fridrich J (2012) Ensemble classifiers for steganalysis of digital media. IEEE Trans Inf Forensics Secur 7(2):432–444CrossRefGoogle Scholar
  18. 18.
    LibenNowell D, Kleinberg J (2007) The linkprediction problem for social networks. J Am Soc Inf Sci Technol 58(7):1019–1031CrossRefGoogle Scholar
  19. 19.
    Mislove AE (2009) Online social networks: measurement, analysis, and applications to distributed information systems. ProQuestGoogle Scholar
  20. 20.
    Nagaraja S, Houmansadr A, Piyawongwisal P, Singh V, Agarwal P, Borisov N (2011) Stegobot: a covert social network Botnet. In: Information Hiding. Springer, Berlin, pp 299–313Google Scholar
  21. 21.
    Nagaraja S, Mittal P, Hong CY, Caesar M, Borisov N (2010) BotGrep: Finding P2P Bots with Structured Graph Analysis. In: USENIX Security Symposium, pp 95–110Google Scholar
  22. 22.
    Nagaraja S, Anderson R (2009) The snooping dragon: social-malware surveillance of the Tibetan movement. University of Cambridge Computer LaboratoryGoogle Scholar
  23. 23.
    Natarajan V, Sheen S, Anitha R (2014) Multilevel Analysis to Detect Covert Social Botnet in Multimedia Social Networks. The Computer Journal, bxu063Google Scholar
  24. 24.
    Natarajan V, Sheen S, Anitha R (2012) Detection of Stegobot: A covert social network Botnet. In: Proceedings of the First International Conference on Security of Internet of Things, pp 36–41Google Scholar
  25. 25.
    Natarajan V, Anitha R (2012) Universal steganalysis using contourlet transform. In: Advances in Computer Science, Engineering & Applications. Springer, Berlin, pp 727–735Google Scholar
  26. 26.
    Pitsillidis A, Levchenko K, Kreibich C, Kanich C, Voelker GM, Paxson V, Savage S (2010) Botnet Judo: Fighting Spam with Itself. In: NDSSGoogle Scholar
  27. 27.
    Sakaki T, Okazaki M, Matsuo Y (2010) Earthquake shakes Twitter users: real-time event detection by social sensors. In: Proceedings of the 19th international conference on World wide web, pp 851– 860Google Scholar
  28. 28.
    Schaefer G, Stich M (2003) UCID: An uncompressed color image database. In: Electronic Imaging 2004 (pp. 472-480). International Society for Optics and PhotonicsGoogle Scholar
  29. 29.
    Shafiq MZ, Khayam SA, Farooq M (2008) Embedded malware detection using markov n-grams. In: Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, Berlin, pp 88– 107Google Scholar
  30. 30.
    Solanki K, Sarkar A, Manjunath BS (2007) YASS: Yet another steganographic scheme that resists blind steganalysis. In: Information Hiding. Springer, Berlin, pp 16–31Google Scholar
  31. 31.
    Stein T, Chen E, Mangla K (2011) Facebook immune system. In: Proceedings of the 4th Workshop on Social Network Systems, p 8Google Scholar
  32. 32.
    Stringhini G, Kruegel C, Vigna G (2010) Detecting spammers on social networks. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp 1–9Google Scholar
  33. 33.
    Viswanath B, Post A, Gummadi KP, Mislove A (2011) Analysis of social network-based sybil defenses. ACM SIGCOMM Comput Commun Rev 41(4):363–374Google Scholar
  34. 34.
    Wasserman S, Faust K (1994) Social network analysis: Methods and applications (Vol. 8). Cambridge university pressGoogle Scholar
  35. 35.
    Westfeld A (2001) F5 A steganographic algorithm. In: Information hiding. Springer, Berlin, pp 289– 302Google Scholar
  36. 36.
    Zainudin NM, Merabti M, Llewellyn-Jones D (2010) Digital forensic investigation model for online social networking. In: Proceedings of the 11th Annual Conference on the Convergence of Telecommunications, Networking & Broadcasting, Liverpool, pp 21–22Google Scholar
  37. 37.
    Zheng X, Zeng Z, Chen Z, Yu Y, Rong C (2015) Detecting spammers on social networks. Neurocomputing 159:27–34CrossRefGoogle Scholar
  38. 38.
  39. 39.
    Social Computing Research Group
  40. 40.

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  1. 1.Department of Applied Mathematics and Computational SciencesPSG College of TechnologyCoimbatoreIndia

Personalised recommendations