Social Botnet Behavior Detecting in the End Host

processes. Host-side approaches tar get on suspicious process behaviors which are not robust enough to face the challen ges of frequent variants and novel social bots. In this paper, we propose a novel social bot behavior detectin g approach in the end host. Because social bot binaries or source codes are not easy to collect, we first desi gn a novel social botnet, named wbbot, based on Sina Weibo. We analyze it from two aspects, wbbot architecture and wbbot behaviors. Second, we analyze the host behaviors of existing social botnets which come from public websites, other researchers, and our implementations. We identify six critical phases: infection, pre-defined host behaviors, establish­ ment of C&C, receive the commands of botmaster, execution of social bot commands, and return the results. Third, we present