Social network-based botnet command-and-control: emerging threats and countermeasures

Authors:
Erhan J. Kartaltepe;Jose Andre Morales;Shouhuai Xu;Ravi Sandhu
Affiliations:
Institute for Cyber Security, University of Texas at San Antonio;Institute for Cyber Security, University of Texas at San Antonio;Department of Computer Science, University of Texas at San Antonio;Institute for Cyber Security, University of Texas at San Antonio
Venue:
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Year:
2010

Citing 19
Cited 9

Plausible Deniability Using Automated Linguistic Stegonagraphy

InfraSec '02 Proceedings of the International Conference on Infrastructure Security
The Art of Computer Virus Research and Defense

The Art of Computer Virus Research and Defense
A multifaceted approach to understanding the botnet phenomenon

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
The Zombie roundup: understanding, detecting, and disrupting botnets

SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
An algorithm for anomaly-based botnet detection

SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Using uncleanliness to predict future botnet addresses

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Peer-to-peer botnets: overview and case study

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Wide-scale botnet detection and characterization

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Rishi: identify bot contaminated hosts by IRC nickname evaluation

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
BotHunter: detecting malware infection through IDS-driven dialog correlation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Characterizing botnets from email spam records

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Spamming botnets: signatures and characteristics

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Characterizing Bots' Remote Control Behavior

DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Antisocial Networks: Turning a Social Network into a Botnet

ISC '08 Proceedings of the 11th international conference on Information Security
BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

SS'08 Proceedings of the 17th conference on Security symposium
Studying spamming botnets using Botlab

NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
BotGraph: large scale spamming botnet detection

NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Hit-list worm detection and bot identification in large networks using protocol graphs

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection

Quantitatively analyzing stealthy communication channels

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
SkyNET: a 3G-enabled mobile attack drone and stealth botmaster

WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
A framework for avoiding steganography usage over HTTP

Journal of Network and Computer Applications
Towards detection of botnet communication through social media by monitoring user activity

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service

Proceedings of the 28th Annual Computer Security Applications Conference
Fluxing botnet command and control channels with URL shortening services

Computer Communications
Botnets: A survey

Computer Networks: The International Journal of Computer and Telecommunications Networking
Design and analysis of a social botnet

Computer Networks: The International Journal of Computer and Telecommunications Networking
Botnet command and control based on Short Message Service and human mobility

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Botnets have become a major threat in cyberspace. In order to effectively combat botnets, we need to understand a botnet's Command-and-Control (C&C), which is challenging because C&C strategies and methods evolve rapidly. Very recently, botmasters have begun to exploit social network websites (e.g., Twitter.com) as their C&C infrastructures, which turns out to be quite stealthy because it is hard to distinguish the C&C activities from the normal social networking traffic. In this paper, we study the problem of using social networks as botnet C&C infrastructures. Treating as a starting point the current generation of social network-based botnet C&C, we envision the evolution of such C&C methods and explore social networks-based countermeasures.