Trends and Challenges of Botnet Architectures and Detection Techniques
Abstract
Botnets are a notable form of malware and a major threat to Internet security because their behavior is widely distributed and network-based. As the Internet grows very fast, the risk of botnets spreading rapidly increases. Many organizations are victims of botnet attacks, which can result in significant economic and service losses. Nowadays, new botnets are more complex and resilient in order to evade detection systems. To understand botnets and stay up to date on them, this paper aims to provide an overview of botnets that includes their life cycle, threats and architecture. We classify botnet detection approaches and compare the techniques to identify their strengths and weaknesses. This paper also discusses the current challenges, including future trends of botnets.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.