SODEXO: A System Framework for Deployment and Exploitation of Deceptive Honeybots in Social Networks

TL;DR

This paper introduces SODEXO, a proactive system framework that deploys deceptive honeybots in social networks to infiltrate and gather intelligence from malicious botnets, enhancing security against social network attacks.

Contribution

The paper presents a novel integrated system and game-theoretic model for deploying honeybots in social networks to proactively combat social botnets.

Findings

SODEXO effectively infiltrates botnets and gathers intelligence.

Proactive honeybot deployment improves detection over passive methods.

Simulation results demonstrate enhanced security strategies.

Abstract

As social networking sites such as Facebook and Twitter are becoming increasingly popular, a growing number of malicious attacks, such as phishing and malware, are exploiting them. Among these attacks, social botnets have sophisticated infrastructure that leverages compromised users accounts, known as bots, to automate the creation of new social networking accounts for spamming and malware propagation. Traditional defense mechanisms are often passive and reactive to non-zero-day attacks. In this paper, we adopt a proactive approach for enhancing security in social networks by infiltrating botnets with honeybots. We propose an integrated system named SODEXO which can be interfaced with social networking sites for creating deceptive honeybots and leveraging them for gaining information from botnets. We establish a Stackelberg game framework to capture strategic interactions between honeybots and botnets, and use quantitative methods to understand the tradeoffs of honeybots for their deployment and exploitation in social networks. We design a protection and alert system that integrates both microscopic and macroscopic models of honeybots and optimally determines the security strategies for honeybots. We corroborate the proposed mechanism with extensive simulations and comparisons with passive defenses.