A Survey of Botnet and Botnet Detection
- 1 January 2009
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Among the various forms of malware, botnets are emerging as the most serious threat to cyber-security because they provide a distributed platform for several illegal activities, such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is their use of command and control channels, through which the bots can be updated and directed. Recently, botnet detection has become an active research topic related to cyber-threat and cyber-crime prevention. This paper is a survey of botnets and botnet detection. The survey clarifies the botnet phenomenon and discusses botnet detection techniques. It classifies botnet detection techniques into four classes: signature-based, anomaly-based, DNS-based, and mining-based. It summarizes the botnet detection techniques in each class and provides a brief comparison of them.