Detecting botnet signals using process mining

• Published in: Computational and mathematical organization theory Vol. 27; no. 2; pp. 161 - 178
• Main Authors: Bicknell, John W., Krebs, Werner G.
• Format: Journal Article
• Language: English
• Published: New York Springer US 01.06.2021; Springer Nature B.V
• Subjects: Algorithms; Artificial Intelligence; Business and Management; Camouflage; Campaigns; Classification; Disguise; Information warfare; Intelligence; Malware; Management; Markov chains; Methodology of the Social Sciences; Operations Research/Decision Theory; Organization theory; S.I. : Social Cyber-Security; Signal processing; Sociology; World War II; Process mining; Misinformation; Cognitive security; Information warfare; Social media; Reflexive control
• ISSN: 1381-298X; 1572-9346
• DOI: 10.1007/s10588-020-09320-x

Detecting and elucidating botnets is an active area of research. Using explainable, highly scalable Apache Spark-based artificial intelligence, process mining technologies are presented which illuminate bot activity within terrorist Twitter data. A derived hidden Markov model suggests that bot logic uses information camouflage in order to disguise intentions similar to World War II Nazi propagandists and Soviet-era practitioners of information warfare enhanced with reflexive control. A future effort is presented which strings together best of breed techniques into a composite classification algorithm in order to improve continually the discovery of malicious accounts, understand cross-platform weaponized botnet dynamics, and model adversarial information warfare campaigns recursively.