Stegobot: A covert social network botnet

Shishir Nagaraja; Amir Houmansadr; Pratch Piyawongwisal; Vijit Singh; Pragya Agarwal; Nikita Borisov

doi:10.1007/978-3-642-24178-9_21

Stegobot: A covert social network botnet

Shishir Nagaraja, Amir Houmansadr, Pratch Piyawongwisal, Vijit Singh, Pragya Agarwal, Nikita Borisov

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose Stegobot, a new generation botnet that communicates over probabilistically unobservable communication channels. It is designed to spread via social malware attacks and steal information from its victims. Unlike conventional botnets, Stegobot traffic does not introduce new communication endpoints between bots. Instead, it is based on a model of covert communication over a social-network overlay - bot to botmaster communication takes place along the edges of a social network. Further, bots use image steganography to hide the presence of communication within image sharing behavior of user interaction. We show that it is possible to design such a botnet even with a less than optimal routing mechanism such as restricted flooding. We analyzed a real-world dataset of image sharing between members of an online social network. Analysis of Stegobot's network throughput indicates that stealthy as it is, it is also functionally powerful - capable of channeling fair quantities of sensitive data from its victims to the botmaster at tens of megabytes every month.

Original language	English (US)
Title of host publication	Information Hiding - 13th International Conference, IH 2011, Revised Selected Papers
Pages	299-313
Number of pages	15
DOIs	https://doi.org/10.1007/978-3-642-24178-9_21
State	Published - 2011
Event	13th International Conference on Information Hiding, IH 2011 - Prague, Czech Republic Duration: May 18 2011 → May 20 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6958 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	13th International Conference on Information Hiding, IH 2011
Country/Territory	Czech Republic
City	Prague
Period	5/18/11 → 5/20/11

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Online availability

10.1007/978-3-642-24178-9_21

Library availability

Discover UIUC Full Text

Cite this

Nagaraja, S., Houmansadr, A., Piyawongwisal, P., Singh, V., Agarwal, P., & Borisov, N. (2011). Stegobot: A covert social network botnet. In Information Hiding - 13th International Conference, IH 2011, Revised Selected Papers (pp. 299-313). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6958 LNCS). https://doi.org/10.1007/978-3-642-24178-9_21

Stegobot : A covert social network botnet. / Nagaraja, Shishir; Houmansadr, Amir; Piyawongwisal, Pratch et al.

Information Hiding - 13th International Conference, IH 2011, Revised Selected Papers. 2011. p. 299-313 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6958 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nagaraja, S, Houmansadr, A, Piyawongwisal, P, Singh, V, Agarwal, P & Borisov, N 2011, Stegobot: A covert social network botnet. in Information Hiding - 13th International Conference, IH 2011, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6958 LNCS, pp. 299-313, 13th International Conference on Information Hiding, IH 2011, Prague, Czech Republic, 5/18/11. https://doi.org/10.1007/978-3-642-24178-9_21

Nagaraja S, Houmansadr A, Piyawongwisal P, Singh V, Agarwal P, Borisov N. Stegobot: A covert social network botnet. In Information Hiding - 13th International Conference, IH 2011, Revised Selected Papers. 2011. p. 299-313. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-24178-9_21

@inproceedings{7d3fb6eea04d4d0b8dc79d26b0d8abef,

title = "Stegobot: A covert social network botnet",

abstract = "We propose Stegobot, a new generation botnet that communicates over probabilistically unobservable communication channels. It is designed to spread via social malware attacks and steal information from its victims. Unlike conventional botnets, Stegobot traffic does not introduce new communication endpoints between bots. Instead, it is based on a model of covert communication over a social-network overlay - bot to botmaster communication takes place along the edges of a social network. Further, bots use image steganography to hide the presence of communication within image sharing behavior of user interaction. We show that it is possible to design such a botnet even with a less than optimal routing mechanism such as restricted flooding. We analyzed a real-world dataset of image sharing between members of an online social network. Analysis of Stegobot's network throughput indicates that stealthy as it is, it is also functionally powerful - capable of channeling fair quantities of sensitive data from its victims to the botmaster at tens of megabytes every month.",

author = "Shishir Nagaraja and Amir Houmansadr and Pratch Piyawongwisal and Vijit Singh and Pragya Agarwal and Nikita Borisov",

year = "2011",

doi = "10.1007/978-3-642-24178-9_21",

language = "English (US)",

isbn = "9783642241772",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "299--313",

booktitle = "Information Hiding - 13th International Conference, IH 2011, Revised Selected Papers",

note = "13th International Conference on Information Hiding, IH 2011 ; Conference date: 18-05-2011 Through 20-05-2011",

}

TY - GEN

T1 - Stegobot

T2 - 13th International Conference on Information Hiding, IH 2011

AU - Nagaraja, Shishir

AU - Houmansadr, Amir

AU - Piyawongwisal, Pratch

AU - Singh, Vijit

AU - Agarwal, Pragya

AU - Borisov, Nikita

PY - 2011

Y1 - 2011

N2 - We propose Stegobot, a new generation botnet that communicates over probabilistically unobservable communication channels. It is designed to spread via social malware attacks and steal information from its victims. Unlike conventional botnets, Stegobot traffic does not introduce new communication endpoints between bots. Instead, it is based on a model of covert communication over a social-network overlay - bot to botmaster communication takes place along the edges of a social network. Further, bots use image steganography to hide the presence of communication within image sharing behavior of user interaction. We show that it is possible to design such a botnet even with a less than optimal routing mechanism such as restricted flooding. We analyzed a real-world dataset of image sharing between members of an online social network. Analysis of Stegobot's network throughput indicates that stealthy as it is, it is also functionally powerful - capable of channeling fair quantities of sensitive data from its victims to the botmaster at tens of megabytes every month.

AB - We propose Stegobot, a new generation botnet that communicates over probabilistically unobservable communication channels. It is designed to spread via social malware attacks and steal information from its victims. Unlike conventional botnets, Stegobot traffic does not introduce new communication endpoints between bots. Instead, it is based on a model of covert communication over a social-network overlay - bot to botmaster communication takes place along the edges of a social network. Further, bots use image steganography to hide the presence of communication within image sharing behavior of user interaction. We show that it is possible to design such a botnet even with a less than optimal routing mechanism such as restricted flooding. We analyzed a real-world dataset of image sharing between members of an online social network. Analysis of Stegobot's network throughput indicates that stealthy as it is, it is also functionally powerful - capable of channeling fair quantities of sensitive data from its victims to the botmaster at tens of megabytes every month.

UR - http://www.scopus.com/inward/record.url?scp=80052986561&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80052986561&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-24178-9_21

DO - 10.1007/978-3-642-24178-9_21

M3 - Conference contribution

AN - SCOPUS:80052986561

SN - 9783642241772

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 299

EP - 313

BT - Information Hiding - 13th International Conference, IH 2011, Revised Selected Papers

Y2 - 18 May 2011 through 20 May 2011

ER -

Stegobot: A covert social network botnet

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this