Deployment and exploitation of deceptive honeybots in social networks

As social networking sites such as Facebook and Twitter become increasingly popular, a growing number of malicious attacks, such as phishing and malware, are exploiting them. Among these attacks, social botnets have sophisticated infrastructure that leverages compromised user accounts, known as bots, to automate the creation of new social networking accounts for spamming and malware propagation. Traditional defense mechanisms are often passive and reactive to non-zero-day attacks. In this paper, we adopt a proactive approach for enhancing security in social networks by infiltrating botnets with honeybots. We propose an integrated system named SODEXO, which can be interfaced with social networking sites to create deceptive honeybots and leverage them to gain information from botnets. We establish a Stackelberg game framework to capture strategic interactions between honeybots and botnets, and use quantitative methods to understand the tradeoffs of honeybots for their deployment and exploitation in social networks. We design a protection and alert system that integrates both microscopic and macroscopic models of honeybots and optimally determines the security strategies for honeybots. We corroborate the proposed mechanism with extensive simulations and comparisons with passive defenses.
