fix line breaks in stegobot paper

yafox 2020-11-20 19:44:29 +00:00
parent a98ad83a58
commit 57440cb90f
No known key found for this signature in database
GPG Key ID: B501C30B37F4806C
1 changed files with 36 additions and 33 deletions

@ -4,12 +4,12 @@
## Authors
Shishir Nagaraja, Vijit Singh, Pragya Agarwal
Indraprastha Institute of Information Technology, New Delhi, India
Shishir Nagaraja, Vijit Singh, Pragya Agarwal
Indraprastha Institute of Information Technology, New Delhi, India
{nagaraja, vijit, pragya}@iiitd.ac.in
Amir Houmansadr, Pratch Piyawongwisal, Nikita Borisov
University of Illinois at Urbana-Champaign, Urbana, IL, USA
Amir Houmansadr, Pratch Piyawongwisal, Nikita Borisov
University of Illinois at Urbana-Champaign, Urbana, IL, USA
{ahouman2,piyawon1,nikita}@illinois.edu
## Abstract
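Review bot: the replaced author and affiliation lines in this hunk read exactly the same as the lines they replace, so the line-break fix is carried entirely by whitespace that cannot be seen in the diff (trailing spaces or line endings). Editors and formatters that trim trailing whitespace will silently undo it. Suggest making the break explicit, for example a trailing backslash or `<br>` after each name and affiliation line, and stating in the commit message which kind of break was changed.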
@ -177,14 +177,17 @@ Figure 3 shows the efficiency of botcargo transmission for increasing amounts of
In restricted flooding, high-degree nodes in the topology play the role of hubs and are able to pull and collect large amounts of botcargo. As such they become a natural point where stolen information is collected and can then be siphoned off to the botmaster.
![](figure3.png)
Figure 3: Average channel efficiency against ttl
![](figure4.png)
Figure 4: Communication channel bandwidth and efficiency
*Channel Bandwidth and Efficiency:* Figure 4 shows the bandwidth and efficiency of the communication channel in the average case. Figure 4.a shows the monthly average number of _botcargo-fwd_ messages received by the botmaster (normalized by the size of the botnet) for various amounts of _botcargo-local_ messages collected per bot (constant across bots). Figure 4.a also shows the average efficiency of the communication channel from a bot to the botmaster as the size of the botcargo changes. The network seems to operate at an average efficiency of 30% of collected botcargo reaching the botmaster when _K_ = 2 (#botcargo per bot per month). This decreases with increase in _K_ although the absolute number of messages delivered at the botmaster increases marginally from .75 per bot for _K_ = 2 to 2.5 per bot for _K_ = 10. Further increases result in even more marginal increases as the effects of congestion result in decreasing routing efficiency. A positive effect of increasing per node botcargo collection sizes (_K_) is the reduction in duplicate messages reaching the botmaster. This is shown in figure 4.b, the proportion of duplicate messages rapidly decreases until _K_ = 10 and further reduces to 40% at _K_ = 20. We observe that the positive effects of duplication reduction correspond with an increase in normalized bandwidth as the number of _botcargo-local_ messages collected per node increase.
![](figure5.png)
Figure 5: Experimental results for the number of delivered botcargo
The main result of our experiments is shown in figure 5. Figure 5.a shows the average number of botcargo messages delivered to the botmaster. This shows an increasing trend. This can be traced to the increasing number of users and the number of average number of photo updates per user increase over the months in our dataset. The sharp drops and increases are related to routing performance under *churn*, when a few large uploaders suddenly stop using uploading for certain periods of time, or dormant users being uploading in larger numbers (say from one-two images to twelve-fifteen images per month). Figure 5.b indicates the cumulative amount of traffic received by the botmaster over the years and gives a sense of the total amount of sensitive material she can steal and the long-term trends. Combining the total number of messages reaching the botmaster (18000 _botcargo-fwd_) with the number of bits embedded in each message, we obtain a monthly bandwidth of between 21.60MB/month in the average case (_q_ = 8) to 86.13MB (_q_ = 2) for lower interference from the image adaption process.
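Review bot: the three figure lines in this hunk (`![](figure3.png)`, `![](figure4.png)`, `![](figure5.png)`) still have empty alt text, and each caption is a bare line tied to its image only by position. The hunk header goes from 14 to 17 lines with no new visible text, so the change here appears to be blank lines added around these figures; since these lines are being touched anyway, copy each caption into the alt text so the figure stays identifiable when the image does not load.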
@ -216,33 +219,33 @@ The authors would like to thank Anindya Sarkar for providing the source code
for the YASS image steganography scheme.
## References
[1] Facebook. http://www.facebook.com.
[2] Flickr. http://www.flickr.com.
[3] JSteg. http://zooid.org/~paul/crypto/jsteg/.
[4] Koobface. http://en.wikipedia.org/wiki/Koobface.
[5] R. Albert, H. Jeong, and A.-L. Barabasi. Error and attack tolerance of complex networks. Nature, 406(6794):378-382, July 2000.
[6] J. R. Binkley and S. Singh. An algorithm for anomaly-based botnet detection. In SRUTI'06: Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet, pages 7-7, Berkeley, CA, USA, 2006. USENIX Association.
[7] J. J. Fridrich, M. Goljan, and D. Soukal. Perturbed quantization steganography. Multimedia Syst, 11(2):98-107, 2005.
[8] J. J. Fridrich, T. Pevný, and J. Kodovský. Statistically undetectable jpeg steganography: dead ends challenges, and opportunities. In D. Kundur, B. Prabhakaran, J. Dittmann, and J. J. Fridrich, editors, Proceedings of the 9th workshop on Multimedia & Security, MM&Sec 2007, Dallas, Texas, USA, September 20-21, 2007, pages 3-14. ACM, 2007.
[9] J. Goebel and T. Holz. Rishi: Identify bot contaminated hosts by IRC nickname evaluation. In HotBots, 2007.
[10] G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In Proceedings of the 17th USENIX Security Symposium (Security'08), 2008.
[11] A. Karasaridis, B. Rexroad, and D. Hoeflin. Wide-scale botnet detection and characterization. In HotBots, 2007.
[12] Y. Kim, Z. Duric, and D. Richards. Modified matrix encoding technique for minimal distortion steganography. In J. Camenisch, C. S. Collberg, N. F. Johnson, and P. Sallee, editors, Information Hiding, volume 4437 of Lecture Notes in Computer Science, pages 314-327. Springer, 2006.
[13] K. Lee and A. Westfeld. Generalized category attack improving histogrambased attack on jpeg lsb embedding. In Information Hiding workshop, pages 11-13. Springer-Verlag, Lecture Notes in Computer Science, 2007.
[14] K. Lee, A. Westfeld, and S. Lee. Category attack for lsb embedding of jpeg images. In International Workshop on Digital Watermarking, IWDW, volume 4283, pages 35-48. Springer-Verlag, Lecture Notes in Computer
Science, 2006.
[15] S. Nagaraja and R. Anderson. The snooping dragon: social-malware surveillance of the tibetan movement. Technical Report UCAM-CL-TR746, University of Cambridge, March 2009.
[16] S. Nagaraja, P. Mittal, C.-Y. Hong, M. Caesar, and N. Borisov. Botgrep: finding p2p bots with structured graph analysis. In Proceedings of the 19th USENIX conference on Security, USENIX Security'10, pages 7-7, Berkeley, CA, USA, 2010. USENIX Association.
[17] A. Nappa, A. Fattori, M. Balduzzi, M. Dell'Amico, and L. Cavallaro. Take a Deep Breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype. In Proceedings of the 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Bonn, Germany, Lecture Notes in Computer Science. Springer, July 2010.
[18] Newman, Moskowitz, Chang, and Brahmadesam. A steganographic embedding undetectable by JPEG compatibility steganalysis. In IH: International Workshop on Information Hiding, 2002.
[19] P. Porras, H. Saidi, and V. Yegneswaran. A multi-perspective analysis of the Storm (Peacomm) worm. In SRI Technical Report 10-01, 2007.
[20] P. Porras, H. Saidi, and V. Yegneswaran. A foray into Conficker's logic and rendezvous points. In 2nd Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET '09), 2009.
[21] N. Provos and P. Honeyman. Hide and seek: An introduction to steganography. In IEEE Security and Privacy, volume 1, pages 32-44, 2003.
[22] P. Sallee. Model-based steganography. In IWDW, pages 154-167, 2003.
[23] K. Solanki, A. Sarkar, and B. S. Manjunath. YASS: Yet another steganographic scheme that resists blind steganalysis. In T. Furon, F. Cayre, G. J. Doërr, and P. Bas, editors, Information Hiding, volume 4567 of Lecture Notes in Computer Science, pages 16-31. Springer, 2007.
[24] K. Solanki, K. Sullivan, U. Madhow, B. Manjunath, and S. Chandrasekaran. Provably secure steganography: Achieving zero k-l divergence using statistical restoration. In ICIP, 2006.
[25] S. Stover, D. Dittrich, J. Hernandez, and S. Dietrich. Analysis of the Storm and Nugache trojans: P2P is here. ;login, 32(6), Dec. 2007.
[26] Westfeld. F5-A steganographic algorithm: High capacity despite better steganalysis. In IH: International Workshop on Information Hiding, 2001.
[27] A. Westfeld and A. Pfitzmann. Attacks on steganographic systems. In A. Pfitzmann, editor, 3rd International Workshop of Information Hiding, volume 1768, pages 61-75. Springer-Verlag, Lecture Notes in Computer Science, 2000.
[28] T.-F. Yen and M. K. Reiter. Traffic aggregation for malware detection. In DIMVA '08: Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pages 207-227, Berlin, Heidelberg, 2008. Springer-Verlag.
[1] Facebook. http://www.facebook.com.
[2] Flickr. http://www.flickr.com.
[3] JSteg. http://zooid.org/~paul/crypto/jsteg/.
[4] Koobface. http://en.wikipedia.org/wiki/Koobface.
[5] R. Albert, H. Jeong, and A.-L. Barabasi. Error and attack tolerance of complex networks. Nature, 406(6794):378-382, July 2000.
[6] J. R. Binkley and S. Singh. An algorithm for anomaly-based botnet detection. In SRUTI'06: Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet, pages 7-7, Berkeley, CA, USA, 2006. USENIX Association.
[7] J. J. Fridrich, M. Goljan, and D. Soukal. Perturbed quantization steganography. Multimedia Syst, 11(2):98-107, 2005.
[8] J. J. Fridrich, T. Pevný, and J. Kodovský. Statistically undetectable jpeg steganography: dead ends challenges, and opportunities. In D. Kundur, B. Prabhakaran, J. Dittmann, and J. J. Fridrich, editors, Proceedings of the 9th workshop on Multimedia & Security, MM&Sec 2007, Dallas, Texas, USA, September 20-21, 2007, pages 3-14. ACM, 2007.
[9] J. Goebel and T. Holz. Rishi: Identify bot contaminated hosts by IRC nickname evaluation. In HotBots, 2007.
[10] G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In Proceedings of the 17th USENIX Security Symposium (Security'08), 2008.
[11] A. Karasaridis, B. Rexroad, and D. Hoeflin. Wide-scale botnet detection and characterization. In HotBots, 2007.
[12] Y. Kim, Z. Duric, and D. Richards. Modified matrix encoding technique for minimal distortion steganography. In J. Camenisch, C. S. Collberg, N. F. Johnson, and P. Sallee, editors, Information Hiding, volume 4437 of Lecture Notes in Computer Science, pages 314-327. Springer, 2006.
[13] K. Lee and A. Westfeld. Generalized category attack improving histogrambased attack on jpeg lsb embedding. In Information Hiding workshop, pages 11-13. Springer-Verlag, Lecture Notes in Computer Science, 2007.
[14] K. Lee, A. Westfeld, and S. Lee. Category attack for lsb embedding of jpeg images. In International Workshop on Digital Watermarking, IWDW, volume 4283, pages 35-48. Springer-Verlag, Lecture Notes in Computer Science, 2006.
[15] S. Nagaraja and R. Anderson. The snooping dragon: social-malware surveillance of the tibetan movement. Technical Report UCAM-CL-TR746, University of Cambridge, March 2009.
[16] S. Nagaraja, P. Mittal, C.-Y. Hong, M. Caesar, and N. Borisov. Botgrep: finding p2p bots with structured graph analysis. In Proceedings of the 19th USENIX conference on Security, USENIX Security'10, pages 7-7, Berkeley, CA, USA, 2010. USENIX Association.
[17] A. Nappa, A. Fattori, M. Balduzzi, M. Dell'Amico, and L. Cavallaro. Take a Deep Breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype. In Proceedings of the 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Bonn, Germany, Lecture Notes in Computer Science. Springer, July 2010.
[18] Newman, Moskowitz, Chang, and Brahmadesam. A steganographic embedding undetectable by JPEG compatibility steganalysis. In IH: International Workshop on Information Hiding, 2002.
[19] P. Porras, H. Saidi, and V. Yegneswaran. A multi-perspective analysis of the Storm (Peacomm) worm. In SRI Technical Report 10-01, 2007.
[20] P. Porras, H. Saidi, and V. Yegneswaran. A foray into Conficker's logic and rendezvous points. In 2nd Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET '09), 2009.
[21] N. Provos and P. Honeyman. Hide and seek: An introduction to steganography. In IEEE Security and Privacy, volume 1, pages 32-44, 2003.
[22] P. Sallee. Model-based steganography. In IWDW, pages 154-167, 2003.
[23] K. Solanki, A. Sarkar, and B. S. Manjunath. YASS: Yet another steganographic scheme that resists blind steganalysis. In T. Furon, F. Cayre, G. J. Doërr, and P. Bas, editors, Information Hiding, volume 4567 of Lecture Notes in Computer Science, pages 16-31. Springer, 2007.
[24] K. Solanki, K. Sullivan, U. Madhow, B. Manjunath, and S. Chandrasekaran. Provably secure steganography: Achieving zero k-l divergence using statistical restoration. In ICIP, 2006.
[25] S. Stover, D. Dittrich, J. Hernandez, and S. Dietrich. Analysis of the Storm and Nugache trojans: P2P is here. ;login, 32(6), Dec. 2007.
[26] Westfeld. F5-A steganographic algorithm: High capacity despite better steganalysis. In IH: International Workshop on Information Hiding, 2001.
[27] A. Westfeld and A. Pfitzmann. Attacks on steganographic systems. In A. Pfitzmann, editor, 3rd International Workshop of Information Hiding, volume 1768, pages 61-75. Springer-Verlag, Lecture Notes in Computer Science, 2000.
[28] T.-F. Yen and M. K. Reiter. Traffic aggregation for malware detection. In DIMVA '08: Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pages 207-227, Berlin, Heidelberg, 2008. Springer-Verlag.
[29] X. Yu, Y. Wang, and T. Tan. On estimation of secret message length in jsteg-like steganography. In International Conference on Pattern Recognition, volume 4, pages 673-676, 2004.
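Review bot: entry [13] in the rewritten reference list still reads "histogrambased", a hyphen lost in extraction that the added line carries over unchanged; correct it to "histogram-based" while the list is being rewritten. Entry [14] is the only one whose visible text changes (its wrapped "Science, 2006." is rejoined); the other entries look identical before and after, so a Markdown list would hold each reference on its own line more robustly than whitespace-only breaks. The acknowledgement sentence just above `## References` is also still wrapped mid-sentence after "source code".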