SOCELLBOT: A New Botnet Design to Infect Smartphones via Online Social Networking. Mohammad Reza Faghani and Uyen Trang Nguyen. 2012 25th IEEE Canadian Conference on Electrical and Computer Engineering (CCECE). Speaker: 呂映萱 102/10/24.
Outline • Abstract • Introduction • The proposed SoCellBot • Simulation • Results • Conclusion
Abstract • Smartphone • Online social network (OSN) • A new cellular botnet named SoCellBot • Harder to detect • More resilient to bot failures • More cost-effective to cellular bots • Raising awareness of new mobile botnets • Preventive measures to deter SoCellBot
Introduction: OSNs • Why OSNs? • Most cellular network providers offer OSN access to their clients free of charge. • Messages exchanged in OSNs are usually encrypted. • The topology of an OSN-based botnet is more resilient to bot failures or unavailability thanks to the highly clustered structure of the social network graph.
The proposed SoCellBot • SoCellBot infects smartphones with malware • The medium to recruit bots is the OSN • Unlike SMS-based botnets, SoCellBot incurs small monetary costs. • Architecture • Propagation mechanism • Command and Control channel • Botnet topology maintenance
The proposed SoCellBot • Propagation Mechanism • Using social engineering techniques • Eye-catching web link • Infiltration
The proposed SoCellBot • Command and Control Channel • Online social network messaging system (OSNMS) • Using an algorithm to disguise the commands so that they look normal • Sending a message to a random user on Facebook is possible • Infected users then infect their friends
The proposed SoCellBot • SoCellBot Botnet Topology • Ensured to be connected • It is resilient to bot failures and unavailability
Simulation • OSN Model and Graphs • Characteristics of OSN • Degree • Clustering coefficient • High clustering • Low average network distance
Simulation Parameters • Original OSN • 3 OSNs of size 5000, 10000, 15000 • Using the algorithm by Holme and Beom to generate • Equivalent random graphs (ERG) • Creating ERG by using an algorithm by Viger and Latapy • Why ERG? • ERG helps a malware to propagate faster than the original OSN graph • An attacker may be able to obtain the graph of OSN using a tool such as R [12] or Pajek [2]
Simulation • Malware Propagation Model • Randomly choosing a node (user) for infiltration • If (the user executes the command) • The user’s smartphone sends out a message to his/her friends (adjacent vertices in the social network graph), directing them to the malicious content • Upon receiving the message, each friend will execute the malware with a probability p
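The propagation model above, as an added simulation sketch (not code from the slides or the paper), useful for seeing how much a lower execution probability p, for example through user awareness, shrinks and slows the spread on a clustered graph. Assumptions: the function names, the simplified graph generator (preferential attachment plus triangle closing, standing in for the generator the slides cite), node 0 as the infiltrated user, and each delivered message being an independent trial with probability p.

```python
import random

def clustered_graph(n, m, p_triad, rng):
    """Growth model: preferential attachment plus triad formation (simplified)."""
    adj = {v: set() for v in range(n)}
    ends = []                                  # node listed once per edge end

    def link(a, b):
        adj[a].add(b); adj[b].add(a); ends.extend((a, b))

    for a in range(m + 1):                     # seed clique keeps the graph connected
        for b in range(a):
            link(a, b)
    for v in range(m + 1, n):
        last = None
        while len(adj[v]) < m:
            cand = sorted(adj[last] - adj[v] - {v}) if last is not None else []
            if cand and rng.random() < p_triad:
                u = rng.choice(cand)           # close a triangle (raises clustering)
            else:
                u = rng.choice(ends)           # degree-proportional pick
            if u != v and u not in adj[v]:
                link(v, u)
                last = u
    return adj

def simulate(adj, p, rng, seed_node=0):
    """Return the cumulative infected count after each round."""
    infected, frontier, history = {seed_node}, [seed_node], [1]
    while frontier:
        nxt = []
        for u in frontier:                     # each new victim messages every friend once
            for v in sorted(adj[u]):
                if v not in infected and rng.random() < p:
                    infected.add(v)
                    nxt.append(v)
        frontier = nxt
        history.append(len(infected))
    return history

def coverage(n=2000, m=3, p_triad=0.6, p=0.5, seed=1):
    """(fraction of users infected, rounds until spread stops) for one run."""
    rng = random.Random(seed)
    hist = simulate(clustered_graph(n, m, p_triad, rng), p, rng)
    return hist[-1] / n, len(hist) - 1

if __name__ == "__main__":
    for p in (0.1, 0.25, 0.5, 1.0):            # constructed parameters, not the paper's
        print(p, coverage(p=p))
```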
Simulation • Setting fields to each command • A unique sequence number (SN) • SNs help to minimize the number of duplicate messages • Time-to-live (TTL) • A good estimate for the TTL is the diameter of the OSN graph • How to avoid detection? • After receiving a command, a node checks the SN to see if it has seen the message before. • if (message is new) • TTL-1 • Forwarding the message to its one-hop neighbors (adjacent vertices) • else if (message is duplicate) • The node simply discards it
Results • The first set of experiments - Scenario 1 • …. As p goes from 0.5 to 1, the malware propagates faster
Results • The first set of experiments - Scenarios 2 and 3
Results • The second set of experiments
Conclusion • OSNs are more suitable for mobile botnet communications than the traditional SMS • The highly clustered structure of OSNs makes the botnet immune from random node failures • Disadvantage • It doesn’t show us the preventive measure • Caution is the parent of safety