Deployment and exploitation of deceptive honeybots in social networks

@article{Zhu2013DeploymentAE,
  title={Deployment and exploitation of deceptive honeybots in social networks},
  author={Quanyan Zhu and Andy Clark and Radha Poovendran and Tamer Başar},
  journal={52nd IEEE Conference on Decision and Control},
  year={2013},
  pages={212-219}
}
As social networking sites such as Facebook and Twitter are becoming increasingly popular, a growing number of malicious attacks, such as phishing and malware, are exploiting them. Among these attacks, social botnets have sophisticated infrastructure that leverages compromised user accounts, known as bots, to automate the creation of new social networking accounts for spamming and malware propagation. Traditional defense mechanisms are often passive and reactive to non-zero-day attacks. In this… 

Creation and Management of Social Network Honeypots for Detecting Targeted Cyber Attacks
TLDR
A framework for management of social network honeypots to aid in detection of APTs at the reconnaissance phase is proposed and a case study based on the results of a field trial conducted with the cooperation of a large European organization is presented.
Leak sinks: The threat of targeted social eavesdropping
TLDR
This study evaluates the ability of an attacker to harvest leaked information using socialbots versus the effort required to wire the profiles into the organizational network and demonstrates that organizations whose social network topologies are characterized by low clustering coefficient are more vulnerable to eavesdropping.
Online Social Deception and Its Countermeasures: A Survey
TLDR
An extensive survey is conducted, covering the multidisciplinary concept of social deception, types of OSD attacks and their unique characteristics compared to other social network attacks and cybercrimes, and comprehensive defense mechanisms embracing prevention, detection, and response (or mitigation) against OSD attacks along with their pros and cons.
Online Social Deception and Its Countermeasures for Trustworthy Cyberspace: A Survey
TLDR
An extensive survey is conducted, covering the multidisciplinary concepts of social deception, types of OSD attacks and their unique characteristics compared to other social network attacks and cybercrimes, and comprehensive defense mechanisms embracing prevention, detection, and response (or mitigation) against OSD attacks along with their pros and cons.
Detection of Spammers in the Reconnaissance Phase by machine learning techniques
  • J. Jeyasudha, G. Usha
  • Computer Science
    2018 3rd International Conference on Inventive Computation Technologies (ICICT)
  • 2018
TLDR
A framework is proposed for the early detection of attackers in the reconnaissance phase, highlighting the common characteristic behavior among attackers in professional social networks.
Técnicas de detección y control de phishing. Detection and Control of Phishing Techniques.
TLDR
Major computer-related crimes, such as unlawful interception of e-mail correspondence, the unauthorized use of cards, and false PINs are described, emphasizing phishing as one of the fastest-growing scams in recent years.
A Game-Theoretic Analysis of Deception over Social Networks Using Fake Avatars
TLDR
A deception game in networks in which the defender deploys a fake avatar for identification of the compromised internal user and an analysis determines for which probability of the external user being an attacker, the defender should launch a defending mechanism.
Adaptive Honeypot Engagement through Reinforcement Learning of Semi-Markov Decision Processes
TLDR
This work applies infinite-horizon Semi-Markov Decision Process (SMDP) to characterize a stochastic transition and sojourn time of attackers in the honeynet and quantify the reward-risk trade-off, and designs adaptive long-term engagement policies shown to be risk-averse, cost-effective, and time-efficient.
The ethics of social honeypots
This paper considers some of the ethical issues surrounding the study of malicious activity in social networks, specifically using a technique known as social honeypots combined with the use of
Manipulating Adversary's Belief: A Dynamic Game Approach to Deception by Design for Proactive Network Security
TLDR
This work applies cyber deception techniques in the field of network security and investigates how attacker’s belief evolves and influences his actions, and shows how the defender should manipulate this belief to prevent the attacker from achieving his goals and thus minimize the damage inflicted to the network.

References

SHOWING 1-10 OF 43 REFERENCES
The Koobface botnet and the rise of social malware
  • Kurt Thomas, D. Nicol
  • Computer Science
    2010 5th International Conference on Malicious and Unwanted Software
  • 2010
TLDR
Koobface's zombie infrastructure is explored and the identities of fraudulent and compromised social network accounts used to distribute malicious links to over 213,000 social network users, generating over 157,000 clicks are discovered.
Uncovering social spammers: social honeypots + machine learning
TLDR
It is found that the deployed social honeypots identify social spammers with low false positive rates and that the harvested spam data contains signals that are strongly correlated with observable profile features (e.g., content, friend information, posting patterns, etc.).
Honeypot detection in advanced botnet attacks
TLDR
This paper presents a hardware and software independent honeypot detection methodology based on the following assumption: security professionals deploying honeypots have a liability constraint such that they cannot allow their honeypots to participate in real attacks that could cause damage to others, while attackers do not need to follow this constraint.
Honeypot-Aware Advanced Botnet Construction and Maintenance
  • C. Zou, Ryan Cunningham
  • Computer Science
    International Conference on Dependable Systems and Networks (DSN'06)
  • 2006
TLDR
A hardware and software independent honeypot detection methodology based on the following assumption: security professionals deploying honeypots have liability constraints such that they cannot allow their honeypots to participate in real (or too many real) attacks.
Studying Spamming Botnets Using Botlab
TLDR
It is found that six botnets are responsible for 79% of spam messages arriving at the UW campus, and defensive tools that take advantage of the Botlab platform to improve spam filtering and protect users from harmful web sites advertised within botnet-generated spam are presented.
BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection
TLDR
This paper presents a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses).
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic
TLDR
This paper proposes an approach that uses network-based anomaly detection to identify botnet C&C channels in a local area network without any prior knowledge of signatures or C&C server addresses, and shows that BotSniffer can detect real-world botnets with high accuracy and has a very low false positive rate.
@spam: the underground on 140 characters or less
TLDR
A characterization of spam on Twitter finds that 8% of 25 million URLs posted to the site point to phishing, malware, and scams listed on popular blacklists, and examines whether the use of URL blacklists would help to significantly stem the spread of Twitter spam.
Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation
TLDR
Argos is built upon a fast x86 emulator which tracks network data throughout execution to identify their invalid use as jump targets, function addresses, instructions, etc., and is able to generate accurate network intrusion detection signatures for the exploits that are immune to payload mutations.
Spamalytics: an empirical analysis of spam marketing conversion
TLDR
The best way to measure spam is to be a spammer, and this study makes use of an existing spamming botnet, by infiltrating the botnet parasitically and convincing it to modify a subset of the spam it already sends, thereby directing any interested recipients to Web sites under the authors' control.