Development of Research on Botnet Defenses, From the Viewpoint of Botnet Lifecycle

Botnets have become one of the most serious threats to Internet security. In this paper we first set out our understanding of botnets briefly, including their definition, attributes, topologies and especially their lifecycle, in which we distinguish the propagation and injection phase, the command and control phase, and the attack phase. We then discuss botnet defense techniques in detail according to each phase of the botnet lifecycle. The goal of the paper is to give defenders a comprehensive understanding of botnets, and we hope it will advance subsequent research on botnet defenses.
