SocialImpact: Systematic Analysis of Underground Social Dynamics

Existing research on net-centric attacks has focused on detecting attack events on the network side and removing rogue programs from the client side. However, such approaches largely overlook how attack tools and unwanted programs are developed and distributed. Recent studies of the underground economy reveal that suspected attackers rely heavily on online social networks to form special interest groups and distribute malicious code. Consequently, examining social dynamics, as a novel way to complement existing research efforts, is imperative to systematically identify attackers and tactically cope with net-centric threats. In this paper, we seek a way to understand and analyze the social dynamics relevant to net-centric attacks, and we propose a suite of measures called SocialImpact for systematically discovering and mining adversarial evidence. We also demonstrate the feasibility and applicability of our approach by implementing a proof-of-concept prototype, Cassandra, with a case study on real-world data archived from the Internet.
