{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T11:23:06Z","timestamp":1780053786217,"version":"3.54.0"},"reference-count":45,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2021,1,6]],"date-time":"2021-01-06T00:00:00Z","timestamp":1609891200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>In botnets, a bot master regularly sends command and control messages (C &amp; C messages) to bots for various purposes, such as ordering its commands to bots and collecting critical data from bots. Although such C &amp; C messages can be encrypted by cryptographic methods to hide them, existing botnet detection mechanisms could detect the existence of botnets by capturing suspicious network traffics between the bot master (or the C &amp; C server) and numerous bots. Recently, steganography-based botnets (stego-botnets) have emerged to make C &amp; C communication traffics look normal to botnet detection systems. In stego-botnets, every C &amp; C message is embedded in a multimedia file, such as an image file by using steganography techniques and shared in Social Network Service (SNS) websites (such as Facebook) or online messengers (such as WeChat or KakaoTalk). Consequently, traditional botnet detection systems without steganography detection methods cannot detect them. Meanwhile, according to our survey, we observed that existing studies on the steganography botnet are limited to use only image steganography techniques, although the video steganography method has some obvious advantages over the image steganography method. By this motivation, in this paper, we study a video steganography-based botnet in Social Network Service (SNS) platforms. We first propose a video steganography botnet model based on SNS messengers. In addition, we design a new payload approach-based video steganography method (DECM: Divide-Embed-Component Method) that can embed much more secret data than existing tools by using two open tools VirtualDub and Stegano. We show that our proposed model can be implemented in the Telegram SNS messenger and conduct extensive experiments by comparing our proposed model with DECM with an existing image steganography-based botnet in terms of C &amp; C communication efficiency and undetectability.<\/jats:p>","DOI":"10.3390\/sym13010084","type":"journal-article","created":{"date-parts":[[2021,1,6]],"date-time":"2021-01-06T20:45:42Z","timestamp":1609965942000},"page":"84","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["A Novel Video Steganography-Based Botnet Communication Model in Telegram SNS Messenger"],"prefix":"10.3390","volume":"13","author":[{"given":"Minkyung","family":"Kwak","sequence":"first","affiliation":[{"name":"Department of Defense Science (Computer Engineering and Cyberwarfare Major), Graduate School of Defense Management, Korean National Defense University, Nonsan 33021, Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1274-6291","authenticated-orcid":false,"given":"Youngho","family":"Cho","sequence":"additional","affiliation":[{"name":"Department of Defense Science (Computer Engineering and Cyberwarfare Major), Graduate School of Defense Management, Korean National Defense University, Nonsan 33021, Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2021,1,6]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1485","DOI":"10.1109\/TIFS.2018.2881657","article-title":"Enhanced PeerHunter: Detecting Peer-to-Peer Botnets through Network-Flow Level Community Behavior Analysis","volume":"14","author":"Zhuang","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Gaonkar, S., Dessai, N., Costa, J., Borkar, A., Aswale, S., and Shetgaonkar, P. (2020, January 24\u201325). A survey on botnet detection techniques. Proceedings of the 2020 International Conference on Emerging Trends in Information Technology and Engineering (IC-ETITE), Vellore, India.","DOI":"10.1109\/ic-ETITE47903.2020.Id-70"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Nagaraja, S., Houmansadr, A., Piyawongwisal, P., Singh, V., Agarwal, P., and Borisov, N. (2011, January 18\u201320). Stegobot: A covert social network botnet. Proceedings of the 2011 International Workshop on Information Hiding, Berlin, Heidelberg.","DOI":"10.1007\/978-3-642-24178-9_21"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Jeon, J., and Cho, Y. (2019). Construction and performance analysis of image steganography-based botnet in KakaoTalk openchat. Computers, 8.","DOI":"10.3390\/computers8030061"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Park, J., and Cho, Y. (2020). Design and Implementation of Automated Steganography Image-Detection System for the KakaoTalk Instant Messenger. Computer, 9.","DOI":"10.3390\/computers9040103"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Sun, Y., Lu, Y., Chen, J., Zhang, W., and Yan, X. (2020). Meaningful secret image sharing scheme with high visual quality based on natural steganography. Mathematics, 8.","DOI":"10.3390\/math8091452"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Alhaddad, M.J., Alkinani, M.H., Atoum, M.S., and Alarood, A.A. (2020). Evolutionary detection accuracy of secret data in audio steganography for securing 5G-enabled internet of things. Symmetry, 12.","DOI":"10.3390\/sym12122071"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"61523","DOI":"10.1109\/ACCESS.2019.2902464","article-title":"Hybrid adaptive video steganography scheme under game model","volume":"7","author":"Niu","year":"2019","journal-title":"IEEE Access"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Yuk, S., and Cho, Y. (2020). A Time-based dynamic operation model for webpage steganography methods. Electronics, 9.","DOI":"10.3390\/electronics9122113"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"7063","DOI":"10.1007\/s11042-014-1952-z","article-title":"Video steganography: A comprehensive review","volume":"74","author":"Sadek","year":"2014","journal-title":"Multimed. Tools Appl."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/j.image.2019.04.012","article-title":"An adaptive steganographic scheme for H.264\/AVC video with distortion optimization","volume":"76","author":"Xue","year":"2019","journal-title":"Signal. Process. Image Commun."},{"key":"ref_12","unstructured":"(2020, December 09). VirtualDub (ver. 1.10.4). Available online: https:\/\/sourceforge.net\/projects\/virtualdub\/postdownload."},{"key":"ref_13","unstructured":"(2020, December 09). Stegano (ver. 0.9.8). Available online: https:\/\/pypi.org\/project\/stegano."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"692654","DOI":"10.1155\/2009\/692654","article-title":"Botnet: Classification, attacks, detection, tracing, and preventive measures","volume":"1","author":"Liu","year":"2009","journal-title":"Eurasip J. Wirel. Commun. Netw."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1109\/TDSC.2008.35","article-title":"An advanced hybrid peer-to-peer botnet","volume":"7","author":"Wang","year":"2010","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1109\/TDSC.2014.2382590","article-title":"An empirical study of HTTP-based financial botnets","volume":"13","author":"Sood","year":"2016","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Zhang, H., Papadopoulos, C., and Massey, D. (2013, January 14\u201319). Detecting encrypted botnet traffic. Proceedings of the 2013 IEEE INFOCOM, Turin, Italy.","DOI":"10.1109\/INFCOM.2013.6567180"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"101614","DOI":"10.1016\/j.cose.2019.101614","article-title":"Encrypted and covert DNS queries for botnets: Challenges and countermeasures","volume":"88","author":"Patsakis","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Alenazi, A., Traore, I., Ganame, K., and Woungang, I. (2017, January 25\u201327). Holistic model for HTTP botnet detection based on DNS traffic analysis. Proceedings of the 2017 International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada.","DOI":"10.1007\/978-3-319-69155-8_1"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1007\/978-3-319-73951-9_7","article-title":"BoTShark: A deep learning approach for botnet traffic detection","volume":"70","author":"Homayoun","year":"2018","journal-title":"Cyber Threat Intell."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"629","DOI":"10.1016\/j.ins.2019.10.018","article-title":"A fully scalable big data framework for botnet detection based on network traffic analysis","volume":"512","author":"Mousavi","year":"2020","journal-title":"Inf. Sci."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/j.cose.2019.03.013","article-title":"A flow-based approach for Trickbot banking trojan detection","volume":"84","author":"Gezer","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Wu, D., Fang, B., Yin, J., Zhang, F., and Cui, X. (2018, January 18\u201321). SLBot: A serverless botnet based on service flux. Proceedings of the 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), Guangzhou, China.","DOI":"10.1109\/DSC.2018.00034"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"423","DOI":"10.1007\/s10207-018-0412-6","article-title":"Mobile botnets meet social networks: Design and analysis of a new type of botnet","volume":"18","author":"Faghani","year":"2018","journal-title":"Int. J. Inf. Secur."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"21948","DOI":"10.1109\/ACCESS.2019.2898838","article-title":"The Pixogram: Addressing high payload demands for video steganography","volume":"7","author":"Rabie","year":"2019","journal-title":"IEEE Access"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1016\/j.cogsys.2019.09.008","article-title":"A robust steganography method for HEVC based on secret sharing","volume":"59","author":"Liu","year":"2020","journal-title":"Cogn. Syst. Res."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"2768","DOI":"10.1109\/COMST.2017.2749442","article-title":"Botnet communication patterns","volume":"19","author":"Vormayr","year":"2017","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Fedynyshyn, G., Chuah, M., and Tan, G. (2011, January 2\u20134). Detection and classification of different botnet C & C channels. Proceedings of the International Conference on Autonomic and Trusted Computing, Berlin\/Heidelberg, Germany.","DOI":"10.1007\/978-3-642-23496-5_17"},{"key":"ref_29","unstructured":"(2020, December 09). MSU StegoVideo (ver. 1.0). Available online: http:\/\/compression.ru\/video\/stego_video\/index_en.html."},{"key":"ref_30","unstructured":"(2020, December 09). OpenPuff (ver. 4.01). Available online: https:\/\/embeddedsw.net\/OpenPuff_Steganography_Home.html."},{"key":"ref_31","unstructured":"(2020, December 09). TcSteg (ver. 3.0). Available online: https:\/\/keyj.emphy.de\/real-steganography-with-truecrypt."},{"key":"ref_32","unstructured":"(2020, December 09). StegoStick (ver. 1.0). Available online: https:\/\/sourceforge.net\/projects\/stegostick."},{"key":"ref_33","unstructured":"(2020, December 09). HashMyFiles (ver. 2.36). Available online: https:\/\/www.nirsoft.net\/utils\/hash_my_files.html\/."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1016\/j.diin.2017.09.002","article-title":"Forensic analysis of Telegram messenger on android smartphones","volume":"23","author":"Anglano","year":"2017","journal-title":"Digit. Investig."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"238","DOI":"10.1016\/j.neucom.2018.09.091","article-title":"Video steganography: A review","volume":"335","author":"Liu","year":"2019","journal-title":"Neurocomputing"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"3065","DOI":"10.1007\/s11042-015-3170-8","article-title":"Robust video steganography algorithm using adaptive skin-tone detection","volume":"76","author":"Sadek","year":"2017","journal-title":"Multimed. Tools Appl."},{"key":"ref_37","unstructured":"(2020, December 09). OpenStego (ver. 0.7.3). Available online: https:\/\/github.com\/syvaidya\/openstego\/releases\/tag\/openstego-0.7.3."},{"key":"ref_38","unstructured":"(2020, December 09). Steg (ver. 1.1.0.0). Available online: https:\/\/www.fabionet.org."},{"key":"ref_39","first-page":"5354","article-title":"A robust and secure video steganography method in DWT-DCT domains based on multiple object tracking and ECC","volume":"5","author":"Mstafa","year":"2017","journal-title":"IEEE Access"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Cao, M., Tian, L., and Li, C. (2020). A secure video steganography based on the intra-prediction mode (IPM) for H264. Sensors, 20.","DOI":"10.3390\/s20185242"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"161825","DOI":"10.1109\/ACCESS.2020.3021356","article-title":"A new video steganography scheme based on Shi-Tomasi corner detector","volume":"8","author":"Mstafa","year":"2020","journal-title":"IEEE Access"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"102986","DOI":"10.1016\/j.jvcir.2020.102986","article-title":"Motion vector modification distortion analysis-based payload allocation for video steganography","volume":"74","author":"Yao","year":"2021","journal-title":"J. Vis. Commun. Image Represent."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Yadav, P., Mishra, N., and Sharma, S. (2013, January 26\u201328). A secure video steganography with encryption based on LSB technique. Proceedings of the 2013 IEEE International Conference on Computational Intelligence and Computing Research, Enathi, India.","DOI":"10.1109\/ICCIC.2013.6724212"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"423","DOI":"10.1016\/j.compeleceng.2015.10.005","article-title":"A data-hiding technique using scene-change detection for video steganography","volume":"54","author":"Ramalingam","year":"2016","journal-title":"Comput. Electr. Eng."},{"key":"ref_45","unstructured":"(2020, September 01). KakaoTalk. Available online: https:\/\/cs.kakao.com\/helps?service=8&category=24&locale=ko&device=1013&articleId=1073189039."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/1\/84\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:07:33Z","timestamp":1760159253000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/1\/84"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,6]]},"references-count":45,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2021,1]]}},"alternative-id":["sym13010084"],"URL":"https:\/\/doi.org\/10.3390\/sym13010084","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,1,6]]}}}