A Novel Video Steganography-Based Botnet Communication Model in Telegram SNS Messenger
Symmetry (IF 2.2), Pub Date: 2021-01-06, DOI: 10.3390/sym13010084
Minkyung Kwak, Youngho Cho

In botnets, a bot master regularly sends command and control messages (C&C messages) to bots for various purposes, such as issuing commands to bots and collecting critical data from them. Although such C&C messages can be encrypted by cryptographic methods to hide them, existing botnet detection mechanisms could detect the existence of botnets by capturing suspicious network traffic between the bot master (or the C&C server) and numerous bots. Recently, steganography-based botnets (stego-botnets) have emerged to make C&C communication traffic look normal to botnet detection systems. In stego-botnets, every C&C message is embedded in a multimedia file, such as an image file, by using steganography techniques and shared on Social Network Service (SNS) websites (such as Facebook) or online messengers (such as WeChat or KakaoTalk). Consequently, traditional botnet detection systems without steganography detection methods cannot detect them. Meanwhile, according to our survey, existing studies on steganography botnets are limited to image steganography techniques, although the video steganography method has some obvious advantages over the image steganography method. Motivated by this, in this paper we study a video steganography-based botnet on Social Network Service (SNS) platforms. We first propose a video steganography botnet model based on SNS messengers. In addition, we design a new payload approach-based video steganography method (DECM: Divide-Embed-Component Method) that can embed much more secret data than existing tools by using two open tools, VirtualDub and Stegano. We show that our proposed model can be implemented in the Telegram SNS messenger and conduct extensive experiments comparing our proposed model with DECM against an existing image steganography-based botnet in terms of C&C communication efficiency and undetectability.

Updated: 2021-01-06