6 result(s) for "malicious botnet"
Botnet Defense System: Observability, Controllability, and Basic Command and Control Strategy
This paper deals with the observability, controllability, and command and control strategy in the Botnet Defense System (BDS), which disinfects malicious botnets with white-hat botnets. The BDS defends an IoT system built over the Internet. The Internet is characterized by openness, but not all nodes are observable and controllable. We incorporated the concepts of observability and controllability into the BDS design and theoretically clarified that the BDS can enhance its observability and controllability by utilizing its white-hat botnets. In addition, we proposed a Withdrawal strategy as a basic strategy to command and control white-hat botnets. Then, we modeled the BDS, adopted the Withdrawal strategy with the agent-oriented Petri net PN2, and confirmed the effect through simulation of the model. The result shows that, even when observability and controllability are taken into account, the BDS wiped out the malicious bots and reduced the white-hat bots to less than 1% as long as the white-hat worms were sufficiently infectious.
A multi-feature approach to detect Stegobot: a covert multimedia social network botnet
Online Multimedia Social Networks (OSNs) are a popular and efficient medium for millions of users. Unfortunately, in the wrong hands, they are also an effective medium for spreading social malware and propagating social botnets. A newly proposed multimedia social network threat, Stegobot, masks crucial information in a digital image by using a technique known as steganography. Stegobot works by first infecting a computer and then communicating the stolen information, which could be login passwords, bank account details or credit card numbers. It also efficiently utilizes the advantage of image steganography to hide the presence of communication within the image-sharing behavior of OSNs. Since these social bots exhibit unobservable communication channels, existing botnet detection mechanisms cannot be applied to such botnets. In this paper, we present a novel host-based method for detecting and differentiating Stegobot profiles. The proposed method also shows the ability to detect Stegobot network traffic, which is inherently different from legitimate multimedia social network traffic. The best performance of our detection system is demonstrated on different social network data sets with different evaluation metrics. Multiple aspects of multimedia attributes proposed in this study help to explore the hidden communication structure of the botnet. Stegobot profiles mimic genuine users and compromise other vulnerable users in the social network. Using single-view features alone, it is very difficult to detect bot profiles as well as Stegobot communications; hence, in this work a multi-feature approach is considered. This work also attempts to help network security experts and forensic analysts to understand the Stegobot communication and the key profiles inside the malicious network.
Classifying social media bots as malicious or benign using semi-supervised machine learning
Users of online social network (OSN) platforms, e.g. Twitter, are not always humans, and social bots (referred to as bots) are highly prevalent. State-of-the-art research demonstrates that bots can be broadly categorized as either malicious or benign. From a cybersecurity perspective, the behaviors of malicious and benign bots differ. Malicious bots are often controlled by a botmaster who monitors their activities and can perform social engineering and web scraping attacks to collect user information. Consequently, it is imperative to classify bots as either malicious or benign on the basis of features found on OSNs. Most scholars have focused on identifying features that assist in distinguishing between humans and malicious bots; the research on differentiating malicious and benign bots is inadequate. In this study, we focus on identifying meaningful features indicative of anomalous behavior between benign and malicious bots. The effectiveness of our approach is demonstrated by evaluating various semi-supervised machine learning models on Twitter datasets. Among them, a semi-supervised support vector machine achieved the best results in classifying malicious and benign bots.
Scalable P2P bot detection system based on network data stream
P2P botnets are one of the most malevolent threats to Internet users due to their resiliency against takedown efforts. In this paper, we propose a bot detection system that is capable of detecting stealthy bots in a network. This system treats network traffic as a data stream, segregating the traffic into two parallel streams. The detection is based on failure traffic and communication traffic. The traffic is analyzed during a small time window, and infected hosts are reported immediately. The network administrator can monitor the status of hosts in the network and take the necessary action before the infected hosts harm the system or become involved in attacks. Experiments and evaluation of the proposed system on a variety of P2P data transfer applications and P2P botnets have demonstrated high detection accuracy. The scalability of the proposed system is exhibited through its implementation on Hadoop MapReduce.
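The abstract above only outlines the idea of scoring hosts by failure traffic inside short time windows. The following is an added example written for this listing, not the paper's system: it aggregates constructed flow records per (window, source host), computes the failed-connection ratio and the number of distinct peers contacted, and flags hosts that exceed both thresholds. The flow-record layout, the 60-second window, the thresholds, and the use of distinct-peer fan-out as a stand-in for the paper's separate communication-traffic stream are all assumptions chosen for the illustration.

```python
"""Sliding-window failure-traffic scoring for suspected P2P bots.

Added illustration, not the paper's system. The flow-record layout, the
window length and the thresholds are assumptions chosen for the example.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Flow record: (timestamp_seconds, src_ip, dst_ip, dst_port, outcome)
# outcome is "ok" for an established session, "fail" for RST / timeout.
Flow = Tuple[int, str, str, int, str]

WINDOW_SECONDS = 60      # size of the analysis window (assumed)
MIN_ATTEMPTS = 10        # ignore hosts with too little traffic in a window
FAIL_RATIO = 0.5         # fraction of failed attempts that is suspicious
MIN_DISTINCT_PEERS = 8   # P2P bots fan out; clients talk to a few servers


def make_sample_flows() -> List[Flow]:
    """Constructed sample traffic, all inside the first 60-second window."""
    flows: List[Flow] = []
    # Suspected bot 10.0.0.7: probes 20 stale peers, 14 of them unreachable.
    for i in range(20):
        flows.append((3 * i, "10.0.0.7", f"203.0.113.{i + 1}", 6881,
                      "fail" if i < 14 else "ok"))
    # Benign workstation 10.0.0.5: 12 HTTPS sessions to 3 servers, 1 failure.
    for i in range(12):
        flows.append((5 * i, "10.0.0.5", f"198.51.100.{i % 3 + 1}", 443,
                      "fail" if i == 0 else "ok"))
    # Legitimate P2P client 10.0.0.9: 15 live peers, 3 failures.
    for i in range(15):
        flows.append((4 * i, "10.0.0.9", f"192.0.2.{i + 1}", 51413,
                      "fail" if i % 5 == 0 else "ok"))
    return flows


def window_stats(flows: List[Flow], window: int = WINDOW_SECONDS):
    """Aggregate attempts, failures and distinct peers per (window, src_ip).

    Each flow is touched exactly once, so this per-window aggregation maps
    directly onto a streaming or map/reduce style job.
    """
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0, "peers": set()})
    for ts, src, dst, _port, outcome in flows:
        s = stats[(ts // window, src)]
        s["attempts"] += 1
        if outcome == "fail":
            s["failures"] += 1
        s["peers"].add(dst)
    return stats


def flag_hosts(flows: List[Flow], window: int = WINDOW_SECONDS,
               min_attempts: int = MIN_ATTEMPTS, fail_ratio: float = FAIL_RATIO,
               min_peers: int = MIN_DISTINCT_PEERS
               ) -> Dict[str, List[Tuple[int, float, int]]]:
    """Return {src_ip: [(window_index, failure_ratio, distinct_peers), ...]}
    for hosts whose failure ratio and peer fan-out both exceed the thresholds."""
    flagged: Dict[str, List[Tuple[int, float, int]]] = {}
    for (win, src), s in sorted(window_stats(flows, window).items()):
        if s["attempts"] < min_attempts:
            continue
        ratio = s["failures"] / s["attempts"]
        if ratio >= fail_ratio and len(s["peers"]) >= min_peers:
            flagged.setdefault(src, []).append((win, ratio, len(s["peers"])))
    return flagged


if __name__ == "__main__":
    for host, hits in flag_hosts(make_sample_flows()).items():
        for win, ratio, peers in hits:
            print(f"window {win}: {host} failure ratio {ratio:.2f}, "
                  f"{peers} distinct peers -> suspected P2P bot")
```

On the constructed sample only 10.0.0.7 is reported: the legitimate file-sharing client also fans out to many peers but its failure ratio stays low, and the workstation has one failed connection but talks to only three servers. Requiring both signals is what keeps the false-positive rate down in practice; a single high failure ratio on its own also fires on misconfigured clients and scanners.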
A Spatio-Temporal malware and country clustering algorithm: 2012 IIJ MITF case study
A huge number of botnet malware variants can be downloaded by zombie personal computers as secondary injections and upgrades, as directed by their botmasters, to perform different distributed/coordinated cyber attacks such as phishing, spam e-mail, malicious Web sites, ransomware and DDoS. In order to generate a faster response to new threats and a better understanding of botnet activities, grouping them based on their malicious behaviors has become extremely important. This paper presents a Spatio-Temporal malware clustering algorithm based on (weekly-hourly-country) features. The dataset contains more than 32 million malware download logs from 100 honeypots set up by the Malware Investigation Task Force (MITF) of Internet Initiative Japan Inc. (IIJ) from 2011 to 2012. The Top-20 malware clustering results coincidentally correspond to Conficker.B and Conficker.C, with relatively high precision and recall rates of up to 100.0 % and 88.9 %, and 91.7 % and 100.0 %, respectively. On the other hand, the resulting two clusters of Top-20 countries are comparable to those with high and low growth rates recently reported in 2015 by Asghari et al. Therefore, our approach can be validated and evaluated to yield precision and recall of up to 75.0 % and 86.7 %, respectively.
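To make the "weekly-hourly-country" feature idea concrete, here is an added example for this listing, not the paper's algorithm: each sample's download log lines are folded into a unit-length histogram over weekday, hour of day and source country, samples are grouped by cosine similarity with a greedy leader-based pass, and the grouping is scored against known family labels with pair-counting precision and recall. The log format, the country list, the 0.9 similarity threshold, the clustering rule, and the sample ids and labels are all constructed for the illustration.

```python
"""Weekday/hour/country histograms for malware download logs, grouped by
cosine similarity and scored with pair-counting precision and recall.

Added illustration, not the paper's algorithm: the feature layout, the
similarity threshold, the log format and the labels are assumptions.
"""
from collections import defaultdict
from datetime import datetime
import math
from typing import Dict, List, Tuple

# Country axis of the feature vector (assumed; the paper's list is not given).
COUNTRIES = ["JP", "US", "CN", "BR", "DE"]
VECTOR_LEN = 7 + 24 + len(COUNTRIES)

# Constructed honeypot download log: "<ISO timestamp> <country> <sample id>".
# sha_a / sha_b: weekday evenings from JP and CN; sha_c / sha_d: weekend
# mornings from US and BR. 2012-03-05 is a Monday.
SAMPLE_LOGS = [
    "2012-03-05T20:15:00 JP sha_a", "2012-03-06T21:05:00 JP sha_a",
    "2012-03-07T20:40:00 CN sha_a", "2012-03-08T21:30:00 CN sha_a",
    "2012-03-09T20:10:00 JP sha_a",
    "2012-03-05T20:50:00 JP sha_b", "2012-03-06T20:20:00 CN sha_b",
    "2012-03-07T21:45:00 JP sha_b", "2012-03-08T21:15:00 CN sha_b",
    "2012-03-09T21:00:00 JP sha_b",
    "2012-03-10T09:05:00 US sha_c", "2012-03-10T10:30:00 US sha_c",
    "2012-03-11T09:20:00 BR sha_c", "2012-03-11T10:10:00 BR sha_c",
    "2012-03-10T09:55:00 US sha_c",
    "2012-03-10T09:30:00 US sha_d", "2012-03-10T10:45:00 BR sha_d",
    "2012-03-11T09:40:00 US sha_d", "2012-03-11T10:25:00 US sha_d",
    "2012-03-10T10:05:00 BR sha_d",
]
# Constructed ground truth: sha_d shares a family with sha_a/sha_b but
# behaves like sha_c, so the clustering will miss it.
SAMPLE_LABELS = {"sha_a": "family_X", "sha_b": "family_X",
                 "sha_c": "family_Y", "sha_d": "family_X"}


def feature_vector(events: List[Tuple[datetime, str]]) -> List[float]:
    """Unit-length histogram: 7 weekday bins, 24 hour bins, one bin per country."""
    v = [0.0] * VECTOR_LEN
    for ts, cc in events:
        v[ts.weekday()] += 1
        v[7 + ts.hour] += 1
        if cc in COUNTRIES:
            v[31 + COUNTRIES.index(cc)] += 1
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v] if norm else v


def cosine(a: List[float], b: List[float]) -> float:
    """Dot product of two unit-length vectors, i.e. their cosine similarity."""
    return sum(x * y for x, y in zip(a, b))


def build_vectors(logs: List[str]) -> Dict[str, List[float]]:
    """Parse log lines and return one feature vector per sample id."""
    per_sample = defaultdict(list)
    for line in logs:
        ts, cc, sample = line.split()
        per_sample[sample].append((datetime.fromisoformat(ts), cc))
    return {s: feature_vector(ev) for s, ev in per_sample.items()}


def cluster_samples(logs: List[str], threshold: float = 0.9) -> List[List[str]]:
    """Greedy leader clustering: a sample joins the first cluster whose leader
    is at least `threshold` similar, otherwise it starts a new cluster."""
    vecs = build_vectors(logs)
    clusters: List[Tuple[str, List[str]]] = []
    for sample in sorted(vecs):
        for leader, members in clusters:
            if cosine(vecs[leader], vecs[sample]) >= threshold:
                members.append(sample)
                break
        else:
            clusters.append((sample, [sample]))
    return [members for _, members in clusters]


def pairwise_precision_recall(clusters: List[List[str]],
                              labels: Dict[str, str]) -> Tuple[float, float]:
    """Pair-counting precision/recall: a pair is a true positive when both
    samples share a cluster and a label."""
    cluster_of = {s: i for i, members in enumerate(clusters) for s in members}
    samples = sorted(cluster_of)
    tp = fp = fn = 0
    for i in range(len(samples)):
        for j in range(i + 1, len(samples)):
            a, b = samples[i], samples[j]
            same_cluster = cluster_of[a] == cluster_of[b]
            same_label = labels[a] == labels[b]
            if same_cluster and same_label:
                tp += 1
            elif same_cluster:
                fp += 1
            elif same_label:
                fn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


if __name__ == "__main__":
    groups = cluster_samples(SAMPLE_LOGS)
    print("clusters:", groups)
    print("pairwise precision/recall: %.2f / %.2f"
          % pairwise_precision_recall(groups, SAMPLE_LABELS))
```

On the constructed log the four samples fall into two behavioural clusters, {sha_a, sha_b} and {sha_c, sha_d}; because sha_d is labelled with the first family, the pair-counting score comes out at precision 0.5 and recall 1/3, which is the kind of gap between behavioural grouping and AV family naming the abstract's Conficker results are measuring.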
A Method for Risk Measurement of Botnet's Malicious Activities
A DNS sinkhole system generates, separates, and manages a blacklist of botnets detected via a botnet detection system. Since numerous bots are newly added and bot code is updated frequently, blacklist management is extremely expensive, and it is difficult to keep domain names and IP addresses up to date. Further, effectiveness and accuracy are not guaranteed, as the priority of botnets is determined and handled on the basis of the subjective decisions of security experts. Hence, this study aims to provide a methodology to manage the blacklist by estimating the botnet risk index (BRI) of the detected botnets from the perspective of a DNS sinkhole system manager and automatically estimating the risk priority of botnets on the basis of this information. The BRI, which is a normalization equation based on a Euclidean vector concept, is calculated for a number of scenarios, with a single command and control server (C&C) and with multiple C&Cs. The BRI has been defined to provide an intuitive understanding of the degree of danger posed by botnets.