Anatomy of botnet on application layer: Mechanism and mitigation

Botnet-based DDoS attacks are progressively using regular-looking application-layer requests to exhaust disk capacity as well as server CPU. In the last decade, a number of defense and mitigation mechanisms have emerged to resist botnets. It is important to organise and compare these mechanisms to better understand the problem as well as the solutions. Effective defense against botnet-based attacks at OSI layers has been deployed economically. The efficacious reactive approaches for application security are insufficient, and enhanced proactive approaches are required. Current studies are limited in scope and do not usually include mitigation techniques to combat the botnet threat. Our approach is to establish a fundamental perspective on the different botnet mechanisms employed by each botnet category and the proactive methods to mitigate the botnet threat. This paper compares various existing categories of botnet in terms of their timeline, strength and behaviours during each lifecycle phase, along with various network- and application-level mitigation techniques.
