Detecting botnet signals using process mining


John W. Bicknell¹ · Werner G. Krebs²

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

Detecting and elucidating botnets is an active area of research. Using explainable, highly scalable Apache Spark-based artificial intelligence, process mining technologies are presented which illuminate bot activity within terrorist Twitter data. A derived hidden Markov model suggests that bot logic uses information camouflage in order to disguise intentions, similar to World War II Nazi propagandists and Soviet-era practitioners of information warfare enhanced with reflexive control. A future effort is presented which strings together best-of-breed techniques into a composite classification algorithm in order to continually improve the discovery of malicious accounts, understand cross-platform weaponized botnet dynamics, and model adversarial information warfare campaigns recursively.

Keywords: Process mining · Information warfare · Cognitive security · Social media · Misinformation · Reflexive control

* Corresponding author: John W. Bicknell
¹ CEO, More Cowbell Unlimited, Inc, 501 4th Street, Unit 795, 97034 Lake Oswego, OR, USA
² CEO, Acculation, Inc, 5482 Wilshire Blvd., #342, 90036 Los Angeles, CA, USA

1 Introduction

Information Warfare (IW) domain experts and scholars at the June 2019 Cyber Endeavour Conference assert that “peacetime is the decisive phase of operations” (Anonymous 2019). An IW arms race is underway, and the United States requires near real-time capabilities to identify malicious social media accounts and control the information environment. In the early 21st Century, technologies exist for scaling IW attacks manually; the next stage of IW technology development is to automate them (Paul and Matthews 2016; Waltzman 2017). State and non-state actors are weaponizing artificial intelligence (AI) against the U.S. and its allies (Bicknell and Krebs 2019a, d). Inexpensive social media platforms enable unprecedented IW campaigns which have turned the entire free world into a combat zone and every device into an attack vector delivery vehicle. IW scholar Rand Waltzman asserts that this new war should be considered a chronic disease with no cure; however, it may be managed. Using techniques analogous to corporate Perception Management (Thomas 2004; Kopp 2005) and multi-channel persuasion marketing (Hanssens et al. 2003), but enhanced with illicit tactics and content not permitted to corporations (Bicknell and Krebs 2019e; BBC 2018), enemies latch on to moments of crisis and exploit fault lines in public discourse with highly effective IW campaigns, coupling ever more sophisticated analyses with choreographed multi-channel weaponized botnet social campaigns. The current state of botnet detection identifies automated features such as identical content, identical targets, coordination of message dispersal, and similar capabilities. Choreographed cross-