A Survey of Botnet Detection Techniques by Command and Control Infrastructure

Botnets have evolved into one of the most serious threats to the Internet, and there is substantial research on both botnets and botnet detection techniques. This analysis reviewed the history of botnets and of botnet detection techniques. It showed that traditional botnet detection relies on passive techniques, primarily honeypots, and that honeypots are not effective at detecting peer-to-peer and other decentralized botnets. Furthermore, the detection techniques aimed at decentralized and peer-to-peer botnets focus on detecting communications between the infected bots. However, the increased use of obfuscation and encryption has significantly impacted the ability to detect botnet communications.
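The abstract notes that detection of decentralized botnets concentrates on the communications between bots, and that encryption of those channels undermines payload-based detection. The following is an added example, not code from the survey or from any of the systems it reviews: it scores hosts on flow metadata alone (peer fan-out, destination port class, uniformity of flow sizes, regularity of timing), which is the kind of signal that survives an encrypted channel. The flow records, the two host profiles and every threshold are constructed for the illustration and are not values taken from the page.

```python
"""Payload-agnostic, flow-level heuristics for bot-to-bot (P2P) C2 traffic.

Added illustration only: the flow records, host profiles and thresholds below
are constructed for this example and are not taken from the survey.
"""
from collections import defaultdict
from statistics import mean, pstdev


def constructed_flows():
    """Constructed NetFlow-style records: (timestamp_s, src_ip, dst_ip, dst_port, bytes)."""
    flows = []
    # Bot-like host: many distinct peers on ephemeral ports, near-constant small
    # flow sizes, and a roughly 60 s keep-alive cadence (all values constructed).
    peers = [f"198.51.100.{i}" for i in range(1, 13)]
    for k in range(24):
        flows.append((k * 60 + (k % 2), "10.0.0.7", peers[k % len(peers)],
                      40000 + k, 312 + (k % 4) * 2))
    # Ordinary host: a few HTTPS servers, varied sizes, bursty timing (constructed).
    sites = ["203.0.113.10", "203.0.113.20", "203.0.113.30"]
    offsets = [0, 7, 9, 45, 120, 130, 133, 400, 405, 900, 901, 1500]
    for k, t in enumerate(offsets):
        flows.append((t, "10.0.0.5", sites[k % 3], 443, 1500 + (k * 3700) % 9000))
    return flows


def _cv(values):
    """Coefficient of variation; 0 for degenerate input so a constant series reads as regular."""
    if len(values) < 2:
        return 0.0
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def extract_features(flows):
    """Per-source features computed from flow metadata only, so encryption of the
    payload does not affect them."""
    by_src = defaultdict(list)
    for rec in flows:
        by_src[rec[1]].append(rec)
    feats = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r[0])
        ts = [r[0] for r in recs]
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        feats[src] = {
            "flows": len(recs),
            "distinct_peers": len({r[2] for r in recs}),
            "high_port_ratio": sum(r[3] >= 1024 for r in recs) / len(recs),
            "size_cv": _cv([r[4] for r in recs]),   # low => uniform flow sizes
            "gap_cv": _cv(gaps),                     # low => periodic contact
        }
    return feats


def flag_p2p_like(feats, min_peers=8, min_high_port=0.8, max_size_cv=0.2, max_gap_cv=0.3):
    """Hosts that fan out to many peers with uniform, regularly timed flows are
    candidates for bot-to-bot C2; thresholds are illustrative, not tuned."""
    return sorted(
        src for src, f in feats.items()
        if f["distinct_peers"] >= min_peers
        and f["high_port_ratio"] >= min_high_port
        and f["size_cv"] <= max_size_cv
        and f["gap_cv"] <= max_gap_cv
    )


if __name__ == "__main__":
    feats = extract_features(constructed_flows())
    for src, f in feats.items():
        print(src, f)
    print("P2P-like candidates:", flag_p2p_like(feats))
```

On the constructed input only 10.0.0.7 is flagged. In practice these features would be baselined per network, since legitimate applications such as file sharing or VoIP also fan out to many peers on high ports; the point of the example is that the features need no access to packet payloads.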
