Abstract
Botnets have become a major threat in cyberspace. In order to effectively combat botnets, we need to understand a botnet’s Command-and-Control (C&C), which is challenging because C&C strategies and methods evolve rapidly. Very recently, botmasters have begun to exploit social network websites (e.g., Twitter.com) as their C&C infrastructures, which turns out to be quite stealthy because it is hard to distinguish the C&C activities from the normal social networking traffic. In this paper, we study the problem of using social networks as botnet C&C infrastructures. Treating as a starting point the current generation of social network-based botnet C&C, we envision the evolution of such C&C methods and explore social networks-based countermeasures.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kartaltepe, E.J., Morales, J.A., Xu, S., Sandhu, R. (2010). Social Network-Based Botnet Command-and-Control: Emerging Threats and Countermeasures. In: Zhou, J., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2010. Lecture Notes in Computer Science, vol 6123. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13708-2_30
DOI: https://doi.org/10.1007/978-3-642-13708-2_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13707-5
Online ISBN: 978-3-642-13708-2
eBook Packages: Computer Science (R0)