№1, 2017

BOTNETS AND METHODS OF THEIR DETECTION

Yadigar N. Imamverdiyev, Gulnara B. Garayeva

A botnet is a network of infected computers together with the command-and-control (C&C) servers through which botmasters control them. Botnets play an important role in cyber attack infrastructure; sometimes millions of computers are involved in these networks. Botnets are constantly evolving: their structure, the protocols they use, their infection methods and the purposes of their attacks are constantly changing. The paper studies the architecture of botnets, the classification of botnets according to various criteria, and botnet detection methods (pp.91-101).

Keywords: botnet, C&C server, honeypot, DDoS attack, botnet detection method.
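The abstract names botnet detection methods without describing any. As an added illustration (not code from the paper or its authors), the following Python script shows one generic network-level heuristic that many detection approaches build on: bots poll their C&C server on a fixed schedule, so outbound connections from an infected host to one destination show unusually regular inter-arrival times, and several internal hosts beaconing to the same destination is a group-activity signal. The flow-log format, the thresholds (at least 6 connections, coefficient of variation of the intervals at most 0.1) and the sample log are all assumptions constructed for the example.

```python
"""Periodic-beacon heuristic for candidate botnet C&C traffic (illustrative, not from the paper).

Assumed input format: one outbound flow per line,
"<epoch_seconds> <src_ip> <dst_ip> <dst_port>".
"""
import statistics
from collections import defaultdict

# Constructed sample flow log (not real traffic). Two internal hosts contact the
# same external address on a ~60 s schedule; a third host browses irregularly.
SAMPLE_LOG = """\
0 10.0.0.5 203.0.113.7 443
3 10.0.0.8 198.51.100.2 443
5 10.0.0.9 203.0.113.7 443
10 10.0.0.8 198.51.100.2 443
50 10.0.0.8 198.51.100.2 443
60 10.0.0.5 203.0.113.7 443
65 10.0.0.9 203.0.113.7 443
121 10.0.0.5 203.0.113.7 443
125 10.0.0.9 203.0.113.7 443
180 10.0.0.5 203.0.113.7 443
185 10.0.0.9 203.0.113.7 443
200 10.0.0.8 198.51.100.2 443
210 10.0.0.8 198.51.100.2 443
241 10.0.0.5 203.0.113.7 443
245 10.0.0.9 203.0.113.7 443
300 10.0.0.5 203.0.113.7 443
305 10.0.0.9 203.0.113.7 443
361 10.0.0.5 203.0.113.7 443
365 10.0.0.9 203.0.113.7 443
400 10.0.0.8 198.51.100.2 443
420 10.0.0.5 203.0.113.7 443
"""


def parse_flow_log(text):
    """Parse log text into (timestamp, src, dst, dport) tuples; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        flows.append((float(ts), src, dst, int(dport)))
    return flows


def beacon_candidates(flows, min_connections=6, max_cv=0.1):
    """Flag (src, dst, dport) triples whose connection intervals are suspiciously regular.

    Regularity is measured by the coefficient of variation (stdev / mean) of the
    inter-arrival times; a low value means a near-constant polling period.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport in flows:
        by_pair[(src, dst, dport)].append(ts)

    candidates = {}
    for key, times in by_pair.items():
        if len(times) < min_connections:
            continue  # too few observations to judge periodicity
        times.sort()
        intervals = [later - earlier for earlier, later in zip(times, times[1:])]
        mean = statistics.mean(intervals)
        if mean == 0:
            continue  # all flows at the same instant: a burst, not a beacon
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_cv:
            candidates[key] = {"count": len(times), "period": round(mean, 1), "cv": round(cv, 3)}
    return candidates


def group_activity(candidates, min_hosts=2):
    """Group beacon candidates by destination: several internal hosts polling one
    external endpoint on a schedule is a stronger C&C indicator than a single host."""
    by_dst = defaultdict(set)
    for src, dst, dport in candidates:
        by_dst[(dst, dport)].add(src)
    return {k: sorted(v) for k, v in by_dst.items() if len(v) >= min_hosts}


def analyze_flow_log(text):
    """Run the full pipeline on raw log text; returns (beacon candidates, grouped destinations)."""
    flows = parse_flow_log(text)
    candidates = beacon_candidates(flows)
    return candidates, group_activity(candidates)


if __name__ == "__main__":
    cands, groups = analyze_flow_log(SAMPLE_LOG)
    for (src, dst, dport), info in sorted(cands.items()):
        print(f"beacon: {src} -> {dst}:{dport} every ~{info['period']}s "
              f"({info['count']} flows, cv={info['cv']})")
    for (dst, dport), hosts in groups.items():
        print(f"group activity toward {dst}:{dport}: {', '.join(hosts)}")
```

In the constructed log the two scheduled hosts are reported as beacon candidates sharing one destination, while the irregular browser is not, even though it has enough connections to be evaluated. In real deployments the same regularity appears in benign software (update checks, monitoring agents), so a heuristic like this is a triage signal to combine with other evidence rather than a verdict on its own.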