A multi-feature approach to detect Stegobot: a covert multimedia social network botnet

Multimedia Tools and Applications

Abstract

Online Multimedia Social Networks (OSNs) are a popular and efficient medium for millions of users. Unfortunately, in the wrong hands, they are also an effective medium for spreading social malware and propagating social botnets. Stegobot, a newly proposed multimedia social network threat, masks crucial information in a digital image using a technique known as steganography. Stegobot works by first infecting a computer and then communicating the stolen information, which could be login passwords, bank account details or credit card numbers. It also exploits image steganography to hide the presence of communication within the image-sharing behavior of OSNs. Since these social bots use unobservable communication channels, existing botnet detection mechanisms cannot be applied to such botnets. In this paper, we present a novel host-based method for detecting and differentiating Stegobot profiles. The proposed method can also detect Stegobot network traffic, which is inherently different from legitimate multimedia social network traffic. The best performance of our detection system is demonstrated on data sets from different social networks with different evaluation metrics. The multiple aspects of multimedia attributes proposed in this study help to explore the hidden communication structure of the botnet. Stegobot profiles mimic genuine users and compromise other vulnerable users in the social network. Using single-view features alone, it is very difficult to detect bot profiles and Stegobot communications; hence, this work considers a multi-feature approach. This work also attempts to help network security experts and forensic analysts understand Stegobot communication and the key profiles inside the malicious network.

Correspondence to Natarajan Venkatachalam.

Cite this article

Venkatachalam, N., Anitha, R. A multi-feature approach to detect Stegobot: a covert multimedia social network botnet. Multimed Tools Appl 76, 6079–6096 (2017). https://doi.org/10.1007/s11042-016-3555-3

  • DOI: https://doi.org/10.1007/s11042-016-3555-3
