Abstract
Once a botnet is constructed over the network, a bot master and bots start communicating by periodically exchanging messages, which is known as botnet C&C communication, in order to send botnet commands to bots, collect critical information stored in bots, upgrade software functions of malwares installed in bots, and so on. For this reason, most existing botnet detection techniques focus on monitoring and capturing suspicious communications between the bot master and bots. Meanwhile, botnets continue to evolve to hide their C&C communication. Recently, a novel type of botnet using image steganography techniques and SNS (Social Network Service) platforms, which is known as image steganography-based botnet or stegobotnet, has emerged to make its C&C communications undetectable by existing botnet detection systems. In stegobotnets, image files used in SNSs carry messages (between the bot master and bots) which are hidden in them by using image steganography techniques. In this paper, we first investigate whether major SNS platforms such as KakaoTalk, Facebook, and Twitter can be suitable for constructing image steganography-based botnets. Next, we construct a part of stegobotnet based on KakaoTalk, and conduct extensive experiments including digital forensic analysis (1) to validate stegobotnet C&C communication can be successful in KakaoTalk and (2) to examine its performance in terms of C&C communication reliability.
Highlights
A botnet consists of huge number of bots, which are computing devices with network functions infected by malwares, and bots are under the control of a cyber-attacker [1,2]
C&Ccommunications communicationsbybythe thefavor favorofofsophisticated sophisticatedsteganography steganography ininorder techniques and infect mobile smartphone devices whose owners actively use SNSs by downloading image files and video clips in which malicious messages may be hidden by a bot master
Messengers, we constructed a part of stegobotnets based on the KakaoTalk mobile messenger, conducted extensive experiments based on it, and analyzed experiment results in terms of stegobotnet command and control (C&C) communication reliability
Summary
A botnet consists of huge number of bots, which are computing devices (such as PCs or smartphones) with network functions infected by malwares, and bots are under the control of a cyber-attacker (i.e., a bot master) [1,2]. The SNS-based stegobotnet has a couple of advantages over existing botnets It hides the existence of its C&C communications by the favor of sophisticated steganography techniques. It separates direct connections between a bot master and bots by locating a SNS server in the middle of the bot master and bots. According to our survey, we observed that no researchers have studied on stegobotnets based on mobile SNS messengers they are one of popular SNS platforms in these days By this motivation, in this paper, we construct a part of (innocuous) stegobotnet based on KakaoTalk [14], which is the most popular mobile SNS messenger in Republic of Korea, conduct extensive experiments on it, and report performance analysis results in terms of stegobotnet C&C communication reliability.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
