Download presentation
Presentation is loading. Please wait.
1
BotTracer: Bot User Detection Using Clustering Method in RecDroid
Bahman Rashidi, Carol Fung Dept. of Computer Science Virginia Commonwealth University 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16)
2
Overview Introduction RecDroid system Clustering model Evaluation
Conclusion Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 1
3
RecDroid System What is RecDroid?
A framework, to protect Android smartphone users from malicious apps through crowdsourcing. Android OS permission granting All-or-Nothing Two app installation modes: Probation Trusted Real-time resource granting decisions Expert and peer recommendation system Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 2
4
RecDroid System (cont.)
RecDroid UI Installation Process Recommendation Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 3
5
How about malicious users?
RecDroid System (cont.) RecDroid Functionalities: Collecting permission-request responses Search for expert users Recommend low-risk experts’ responses to other users Rank the apps How about malicious users? Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 4
6
Malicious Users in RecDroid
Malicious bot users Botnet RecDroid Server Controlled by same master Build expertise on purpose Lie on the malicious apps Change other apps’ reputation Normal users Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 6
7
Malicious Users Detection in RecDroid
Detection Components Manual Verification Reputation-based filtering Clustering based detection Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 5
8
Clustering Model – Features
What Features so Bot Users Share? App overlaps Time of response Response similarity User A User B A B A U B Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 7
9
Clustering Model - Attack
Similarity calculation the set of n RecDroid users’ profiles the user i’s profile the set of n RecDroid users’ profiles : the common set of responses by both users i and j Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 8
10
Clustering Model – Clustering algorithm
Agglomerative hierarchical clustering method Merges & Splits Dendrogram Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 9
11
Evaluation Simulation setup 10 11 different user groups
10 bot groups controlled by different master attackers 10-15 users (high level of expertise) in each bot group 150 normal users (expertise between 0-1) in the regular group Total number of apps 550 (50 malicious) Normal users install 10 apps from 550 Bot users 10 apps from small sets Each app has 5 permission requests Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 10
12
Evaluation Impact from the number of malicious apps handled by a bot group Optimal cut-off is between 0.6 – 0.8 Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 11
13
Evaluation Detected clusters validation 12 Cut-off 0.7
Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 12
14
Evaluation Accuracy : the ground truth of all users (regular or bot)
: the corresponding detection results Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 13
15
Evaluation Impact from the cutoff threshold on the FN and FP 14
Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 14
16
Conclusion Clustering-based method to detect bot users
Bot users’ features analysis Defining a similarity function Hierarchical clustering method High accuracy in terms of bot detection More improvement : k-means clustering methods Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16) 15
17
Thank you !!! Bahman Rashidi, Carol Fung - 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT’16)
Similar presentations
![Intrusion Detection System Marmagna Desai [ 520 Presentation]](/19/5852227/big_thumb.jpg "Intrusion Detection System Marmagna Desai [ 520 Presentation]>")
