Abstract
Online Multimedia Social Networks (OSNs) are a popular and efficient medium for millions of users. Unfortunately, in the wrong hands, they are also an effective medium for spreading social malware and propagating social botnets. Stegobot, a newly proposed multimedia social network threat, masks crucial information in a digital image using a technique known as steganography. Stegobot works by first infecting a computer and then communicating the stolen information, which could be login passwords, bank account details or credit card numbers. It also exploits image steganography to hide the presence of communication within the image-sharing behavior of OSNs. Since these social bots exhibit unobservable communication channels, existing botnet detection mechanisms cannot be applied to such botnets. In this paper, we present a novel host-based method for detecting and differentiating Stegobot profiles. The proposed method also shows the ability to detect Stegobot network traffic, which is inherently different from legitimate multimedia social network traffic. The best performance of our detection system is demonstrated on data sets from different social networks using different evaluation metrics. The multiple aspects of multimedia attributes proposed in this study help to explore the hidden communication structure of the botnet. Stegobot profiles mimic genuine users and compromise other vulnerable users in the social network. Using single-view features alone, it is very difficult to detect bot profiles as well as Stegobot communications, and hence a multi-feature approach is considered in this work. This work also attempts to help network security experts and forensic analysts understand Stegobot communication and the key profiles inside the malicious network.
Cite this article
Venkatachalam, N., Anitha, R. A multi-feature approach to detect Stegobot: a covert multimedia social network botnet. Multimed Tools Appl 76, 6079–6096 (2017). https://doi.org/10.1007/s11042-016-3555-3
DOI: https://doi.org/10.1007/s11042-016-3555-3