Stegobot: a covert social network botnet

Authors:
Shishir Nagaraja;Amir Houmansadr;Pratch Piyawongwisal;Vijit Singh;Pragya Agarwal;Nikita Borisov
Affiliations:
Indraprastha Institute of Information Technology, New Delhi, India;University of Illinois at Urbana-Champaign, Urbana, IL;University of Illinois at Urbana-Champaign, Urbana, IL;Indraprastha Institute of Information Technology, New Delhi, India;Indraprastha Institute of Information Technology, New Delhi, India;University of Illinois at Urbana-Champaign, Urbana, IL
Venue:
IH'11 Proceedings of the 13th international conference on Information hiding
Year:
2011

Citing 18
Cited 8

Attacks on Steganographic Systems

IH '99 Proceedings of the Third International Workshop on Information Hiding
F5-A Steganographic Algorithm

IHW '01 Proceedings of the 4th International Workshop on Information Hiding
A Steganographic Embedding Undetectable by JPEG Compatibility Steganalysis

IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Hide and Seek: An Introduction to Steganography

IEEE Security and Privacy
On Estimation of Secret Message Length in JSteg-like Steganography

ICPR '04 Proceedings of the Pattern Recognition, 17th International Conference on (ICPR'04) Volume 4 - Volume 04
An algorithm for anomaly-based botnet detection

SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Statistically undetectable jpeg steganography: dead ends challenges, and opportunities

Proceedings of the 9th workshop on Multimedia & security
Wide-scale botnet detection and characterization

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Rishi: identify bot contaminated hosts by IRC nickname evaluation

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Traffic Aggregation for Malware Detection

DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

SS'08 Proceedings of the 17th conference on Security symposium
Modified matrix encoding technique for minimal distortion steganography

IH'06 Proceedings of the 8th international conference on Information hiding
YASS: yet another steganographic scheme that resists blind steganalysis

IH'07 Proceedings of the 9th international conference on Information hiding
Generalised category attack: improving histogram-based attack on JPEG LSB embedding

IH'07 Proceedings of the 9th international conference on Information hiding
A foray into Conficker's logic and rendezvous points

LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Take a deep breath: a stealthy, resilient and cost-effective botnet using skype

DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
BotGrep: finding P2P bots with structured graph analysis

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Category attack for LSB steganalysis of JPEG images

IWDW'06 Proceedings of the 5th international conference on Digital Watermarking

The socialbot network: when bots socialize for fame and money

Proceedings of the 27th Annual Computer Security Applications Conference
Fluxing botnet command and control channels with URL shortening services

Computer Communications
BotMosaic: Collaborative network watermark for the detection of IRC-based botnets

Journal of Systems and Software
Peri-Watchdog: Hunting for hidden botnets in the periphery of online social networks

Computer Networks: The International Journal of Computer and Telecommunications Networking
Design and analysis of a social botnet

Computer Networks: The International Journal of Computer and Telecommunications Networking
Sensing-enabled channels for hard-to-detect command and control of mobile devices

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Detection of StegoBot: a covert social network botnet

Proceedings of the First International Conference on Security of Internet of Things
Trends in steganography

Communications of the ACM

Quantified Score

Hi-index	0.02

Visualization

Abstract

We propose Stegobot, a new generation botnet that communicates over probabilistically unobservable communication channels. It is designed to spread via social malware attacks and steal information from its victims. Unlike conventional botnets, Stegobot traffic does not introduce new communication endpoints between bots. Instead, it is based on a model of covert communication over a social-network overlay - bot to botmaster communication takes place along the edges of a social network. Further, bots use image steganography to hide the presence of communication within image sharing behavior of user interaction. We show that it is possible to design such a botnet even with a less than optimal routing mechanism such as restricted flooding. We analyzed a real-world dataset of image sharing between members of an online social network. Analysis of Stegobot's network throughput indicates that stealthy as it is, it is also functionally powerful - capable of channeling fair quantities of sensitive data from its victims to the botmaster at tens of megabytes every month.