12 research outputs found

    Detection of randomized bot command and control traffic on an end-point host

    Bots are malicious software entities that unobtrusively infect machines and silently engage in activities ranging from data stealing to cyber warfare. Most recent bot detection methods rely on regularity of bot command and control (C&C) traffic for bot detection, but state-of-the-art bots randomize traffic properties to evade regularity-based detection techniques. We propose a bot detection system that aims to detect randomized bot C&C traffic and also aims at early bot detection. To this end, separate strategies are devised for bot detection: (i) over a user session and (ii) time periods larger than a user session. Normal HTTP traffic and bot control traffic are modeled over a user session and a Multi-Layer Perceptron Classifier is trained on the two models and later used to classify unlabeled destinations as benign or malicious. For traffic spanning time intervals larger than a user session, temporal persistence is used to differentiate between traffic to benign and malicious destinations. Testing with multiple datasets yielded good results.

    Improved LSB steganalysis based on analysis of adjacent pixel pairs

    We propose a simple, reliable method based on probability of transitions and distribution of adjacent pixel pairs for steganalysis on digital images in spatial domain subjected to Least Significant Bit replacement steganography. Our method is sensitive to the statistics of underlying cover image and is a variant of Sample Pair Method. We use the new method to estimate length of hidden message reliably. The novelty of our method is that it detects from the statistics of the underlying image, which is invariant with embedding, whether the results it calculates are reliable or not. To our knowledge, no steganalytic method so far predicts from the properties of the stego image, whether its results are accurate or not.

    Undetectable least significant bit replacement steganography

    In this paper we propose a novel method based on Inverse Transitions for increasing the security of Least Significant Bit (LSB) replacement steganography. Before hiding data using LSB replacement, cover image is preprocessed using inverse transitions. The preprocessing modifies the LSBs in such a way that the resulting change in pixel values cannot occur with LSB replacement. The proposed method ensures 100% undetectability for payload up to 1.5 bpp in colour images against most accurate length estimation methods for LSB replacement. The proposed method is faster, does not require any additional storage and ensures complete recovery of hidden data in comparison to state of the art steganography methods. The proposed method can be used in resource constrained applications which demand fast and secure data hiding and lossless recovery of hidden data.