Published by Madalynn Worm. Modified over 9 years ago.
1
SOCELLBOT: A New Botnet Design to Infect Smartphones via Online Social Networking
Mohammad Reza Faghani and Uyen Trang Nguyen
2012 25th IEEE Canadian Conference on Electrical and Computer Engineering (CCECE)
Speaker: 呂映萱
102/10/24
2
Outline
- Abstract
- Introduction
- The proposed SoCellBot
- Simulation
- Results
- Conclusion
3
Abstract
- Smartphone
- Online social network (OSN)
- A new cellular botnet named SoCellBot
  o Harder to detect
  o More resilient to bot failures
  o More cost-effective to cellular bots
- Raising awareness of new mobile botnets
- Preventive measures to deter SoCellBot
4
Introduction
- OSNs
- Why OSNs?
  1. Most cellular network providers offer OSN access to their clients free of charge.
  2. Messages exchanged in OSNs are usually encrypted.
  3. The topology of an OSN-based botnet is more resilient to bot failures or unavailability thanks to the highly clustered structure of the social network graph.
5
The proposed SoCellBot
- SoCellBot infects smartphones with malware
- The medium to recruit bots is the OSN
  o Unlike SMS-based botnets, SoCellBot incurs small monetary costs.
- Architecture
  o Propagation mechanism
  o Command and Control channel
  o Botnet topology maintenance
6
The proposed SoCellBot
- Propagation Mechanism
  o Using social engineering techniques
- Eye-catching web link
- Infiltration
7
The proposed SoCellBot
- Command and Control Channel
  o Online social network messaging system (OSNMS)
  o Using an algorithm to disguise the commands so that they appear normal
  o Sending a message to a random user in Facebook is possible
- Infected users then infect their friends
8
The proposed SoCellBot
- SoCellBot Botnet Topology
  o Ensured to be connected
  o It is resilient to bot failures and unavailability
9
Simulation
- OSN Model and Graphs
- Characteristics of OSN
  o Degree
  o Clustering coefficient
  o High clustering
  o Low average network distance
10
Simulation Parameters
- Original OSN
  o 3 OSNs of size 5000, 10000, 15000
  o Generated using the algorithm by Holme and Beom
- Equivalent random graphs (ERG)
  o Creating the ERG by using an algorithm by Viger and Latapy
- Why ERG?
  o ERG helps a malware to propagate faster than the original OSN graph
  o An attacker may be able to obtain the graph of an OSN using a tool such as R [12] or Pajek [2]
11
Simulation
- Malware Propagation Model
  1. Randomly choosing a node (user) for infiltration
  2. If (the user executes the command)
     o The user's smartphone sends out a message to his/her friends (adjacent vertices in the social network graph), directing them to the malicious content
     o Upon receiving the message, each friend will execute the malware with a probability p
12
Simulation
- Setting fields for each command
  o A unique sequence number (SN)
    SNs help to minimize the number of duplicate messages
  o Time-to-live (TTL)
    A good estimate for the TTL is the diameter of the OSN graph
- How to avoid detection?
  o After receiving a command, a node checks the SN to see if it has seen the message before.
    if (message is new)
      o Decrement the TTL by 1
      o Forward the message to its one-hop neighbors (adjacent vertices)
    else if (message is duplicate)
      o The node simply discards it
13
Results
- The first set of experiments: Scenario 1
  o As p increases from 0.5 to 1, the malware propagates faster
14
Results
- The first set of experiments: Scenarios 2 and 3
15
Results
- The second set of experiments
16
Conclusion
- OSNs are more suitable for mobile botnet communications than the traditional SMS
- The highly clustered structure of OSNs makes the botnet immune from random node failures
- Disadvantage
  o It doesn't show us the preventive measure
- Caution is the parent of safety
17
Related Work
- "On Cellular Botnet: Measuring the Impact of Malicious Devices on a Cellular Network Core," In Proc. CCS 2009, Chicago, USA, 2009
  o Theorizes the existence of cellular botnets
  o The rigid hierarchical structure of cellular networks makes them more vulnerable to the DoS attack.
18
Results
- The simulation was done in MATLAB based on discrete-event simulation
- Each data point in the graph is averaged over 100 runs, each of which started with a different node selected randomly
- T(t+1) = T(t) + N(t+1)
  o t: one hop to reach all the neighbors
  o T: infected smartphone
  o N: newly infected smartphone
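The propagation model and the recurrence T(t+1) = T(t) + N(t+1) from the slides, as an added Python example (not the authors' MATLAB code), showing how the execution probability p changes the number of hops before most of a graph is infected, which is the window a defender has to react. Assumptions: the graph is a constructed ring lattice with random rewiring rather than the generators named on the slides, and all function names and parameter values are hypothetical.

```python
import random

def small_world_graph(n, k, beta, rng):
    """Ring lattice with random rewiring: a clustered, short-path stand-in
    for an OSN graph (assumption; not the generator named on the slides)."""
    adj = {v: set() for v in range(n)}
    for v in range(n):
        for j in range(1, k // 2 + 1):
            w = rng.randrange(n) if rng.random() < beta else (v + j) % n
            if w != v:
                adj[v].add(w)
                adj[w].add(v)
    return adj

def simulate(adj, p, rng, max_steps=50):
    """Return [T(0), T(1), ...] with T(t+1) = T(t) + N(t+1)."""
    seed = rng.randrange(len(adj))       # step 1: random node is infiltrated
    infected, frontier, totals = {seed}, [seed], [1]
    for _ in range(max_steps):
        newly = set()
        for u in frontier:               # each new bot messages its friends
            for v in sorted(adj[u]):
                # a friend executes the content with probability p
                if v not in infected and v not in newly and rng.random() < p:
                    newly.add(v)
        if not newly:
            break
        infected |= newly
        frontier = sorted(newly)
        totals.append(totals[-1] + len(newly))   # T(t+1) = T(t) + N(t+1)
    return totals

def mean_steps_to_fraction(adj, p, fraction, runs, seed=0):
    """Mean number of hops until `fraction` of all nodes is infected,
    over the runs that get there (inf if none does)."""
    rng = random.Random(seed)
    hits = []
    for _ in range(runs):
        totals = simulate(adj, p, rng)
        hit = next((t for t, T in enumerate(totals)
                    if T >= fraction * len(adj)), None)
        if hit is not None:
            hits.append(hit)
    return sum(hits) / len(hits) if hits else float("inf")

if __name__ == "__main__":
    graph = small_world_graph(2000, 10, 0.1, random.Random(1))  # constructed
    for p in (0.5, 0.75, 1.0):
        print(p, mean_steps_to_fraction(graph, p, 0.9, runs=20))
```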