Abstract
Existing research on net-centric attacks has focused on detecting attack events on the network side and removing rogue programs from the client side. However, such approaches largely overlook how attack tools and unwanted programs are developed and distributed. Recent studies of the underground economy reveal that suspicious attackers heavily utilize online social networks to form special interest groups and distribute malicious code. Consequently, examining social dynamics, as a novel way to complement existing research efforts, is imperative to systematically identify attackers and tactically cope with net-centric threats. In this paper, we seek a way to understand and analyze social dynamics relevant to net-centric attacks and propose a suite of measures called SocialImpact for systematically discovering and mining adversarial evidence. We also demonstrate the feasibility and applicability of our approach by implementing a proof-of-concept prototype, Cassandra, with a case study on real-world data archived from the Internet.
This work was partially supported by grants from the National Science Foundation (NSF-IIS-0900970 and NSF-CNS-0831360). All correspondence should be addressed to Dr. Gail-Joon Ahn, gahn@asu.edu.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhao, Z., Ahn, GJ., Hu, H., Mahi, D. (2012). SocialImpact: Systematic Analysis of Underground Social Dynamics. In: Foresti, S., Yung, M., Martinelli, F. (eds) Computer Security – ESORICS 2012. ESORICS 2012. Lecture Notes in Computer Science, vol 7459. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33167-1_50
DOI: https://doi.org/10.1007/978-3-642-33167-1_50
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33166-4
Online ISBN: 978-3-642-33167-1
eBook Packages: Computer Science, Computer Science (R0)