Title :
A Steganographic Approach to Localizing Botmasters
Author :
Rrushi, Julian L.
Author_Institution :
Center for Cybersecurity, British Columbia Inst. of Technol., Burnaby, BC, Canada
Abstract :
Law enforcement employs an investigative approach based on marked money bills to track illegal drug dealers. In this paper we discuss research that aims at providing law enforcement with the cyber counterpart of that approach in order to track perpetrators that operate botnets. We have devised a novel steganographic approach that generates a watermark hidden within a honey token, i.e. A decoy Word document. The covert bits that comprise the watermark are carried via secret interpretation of object properties in the honey token. The encoding and decoding of object properties into covert bits follow a scheme based on bijective functions generated via a chaotic logistic map. The watermark is retrievable via a secret cryptographic key, which is generated and held by law enforcement. The honey token is leaked to a botmaster via a honey net. In the paper, we elaborate on possible means by which law enforcement can track the leaked honey token to the IP address of a botmaster´s machine.
Keywords :
Internet; computer network security; public key cryptography; steganography; watermarking; Botmaster localization; IP address; bijective functions; botmaster machine; botnets; chaotic logistic map; covert bits; decoding; decoy word document; encoding; honey net; honey token; illegal drug dealer tracking; law enforcement; marked money bills; object property; perpetrator tracking; secret cryptographic key; steganographic approach; Computers; IP networks; Law enforcement; Markov processes; Organizations; Servers; Watermarking; botnets; computer security; steganography;
Conference_Titel :
Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on
Conference_Location :
Victoria, BC
Print_ISBN :
978-1-4799-2652-7
DOI :
10.1109/WAINA.2014.152
