Botnet Detection using Social Graph Analysis

Signature-based botnet detection methods identify botnets by recognizing Command and Control (C\&C) traffic and can be ineffective for botnets that use new and sophisticate mechanisms for such communications. To address these limitations, we propose a novel botnet detection method that analyzes the social relationships among nodes. The method consists of two stages: (i) anomaly detection in an "interaction" graph among nodes using large deviations results on the degree distribution, and (ii) community detection in a social "correlation" graph whose edges connect nodes with highly correlated communications. The latter stage uses a refined modularity measure and formulates the problem as a non-convex optimization problem for which appropriate relaxation strategies are developed. We apply our method to real-world botnet traffic and compare its performance with other community detection methods. The results show that our approach works effectively and the refined modularity measure improves the detection accuracy.Comment: 7 pages. Allerton Conferenc

Clustering VoIP caller for SPIT identification

The number of unsolicited and advertisement telephony calls over traditional and Internet telephony has rapidly increased over recent few years. Every year, the telecommunication regulators, law enforcement agencies and telecommunication operators receive a very large number of complaints against these unsolicited, unwanted calls. These unwanted calls not only bring financial loss to the users of the telephony but also annoy them with unwanted ringing alerts. Therefore, it is important for the operators to block telephony spammers at the edge of the network so to gain trust of their customers. In this paper, we propose a novel spam detection system by incorporating different social network features for combating unwanted callers at the edge of the network. To this extent the reputation of each caller is computed by processing call detailed records of user using three social network features that are the frequency of the calls between caller and the callee, the duration between caller and the callee and the number of outgoing partners associated with the caller. Once the reputation of the caller is computed, the caller is then places in a spam and non-spam clusters using unsupervised machine learning. The performance of the proposed approach is evaluated using a synthetic dataset generated by simulating the social behaviour of the spammers and the non-spammers. The evaluation results reveal that the proposed approach is highly effective in blocking spammer with 2% false positive rate under a large number of spammers. Moreover, the proposed approach does not require any change in the underlying VoIP network architecture, and also does not introduce any additional signalling delay in a call set-up phase

SaferCross: Enhancing Pedestrian Safety Using Embedded Sensors of Smartphone

The number of pedestrian accidents continues to keep climbing. Distraction from smartphone is one of the biggest causes for pedestrian fatalities. In this paper, we develop SaferCross, a mobile system based on the embedded sensors of smartphone to improve pedestrian safety by preventing distraction from smartphone. SaferCross adopts a holistic approach by identifying and developing essential system components that are missing in existing systems and integrating the system components into a "fully-functioning" mobile system for pedestrian safety. Specifically, we create algorithms for improving the accuracy and energy efficiency of pedestrian positioning, effectiveness of phone activity detection, and real-time risk assessment. We demonstrate that SaferCross, through systematic integration of the developed algorithms, performs situation awareness effectively and provides a timely warning to the pedestrian based on the information obtained from smartphone sensors and Direct Wi-Fi-based peer-to-peer communication with approaching cars. Extensive experiments are conducted in a department parking lot for both component-level and integrated testing. The results demonstrate that the energy efficiency and positioning accuracy of SaferCross are improved by 52% and 72% on average compared with existing solutions with missing support for positioning accuracy and energy efficiency, and the phone-viewing event detection accuracy is over 90%. The integrated test results show that SaferCross alerts the pedestrian timely with an average error of 1.6sec in comparison with the ground truth data, which can be easily compensated by configuring the system to fire an alert message a couple of seconds early.Comment: Published in IEEE Access, 202