Open Access Open Access  Restricted Access Subscription Access

On Botnet Detection in Networks, based on Traffic Monitoring


Affiliations
1 Department of Computer Science and Information Technology, Central University of Jammu, Jammu and Kashmir, 181143, India
 

One of the serious and widespread attacks in cyber security is Botnet. Using command and control infrastructure or peer-to-peer communication between bots, botmasters can perform a variety of attacks on internet system-users. To mitigate this, multiple techniques have been developed for botnet detection over the past two decades. In this paper we have discussed various botnet structures and the different techniques of botnet detection proposed in literature. We evaluated these techniques based on their distinctive features and presented their detailed comparative analysis. We also proposed a method for botnet detection using network traffic monitoring. Our approach is based on combining signature and anomaly detection systems that complement each other. Our proposed hybrid detection system may decrease false positive rate in anomaly detection by finding the well-known bots using signature detection and thereby may increase overall detection efficiency.

Keywords

Botnet, Malicious Activities, P2P, Anomaly Detection.
User
Notifications
Font Size

  • H. Choi, H. Lee, H. Lee, and H. Kim, “Botnet detection by monitoring group activities in DNS traffic,” CIT 2007 7th IEEE Int. Conf. Comput. Inf. Technol., pp. 715–720, 2007.
  • “64 BotMiner_ Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection.” .
  • A. K. Tyagi and G. Aghila, “A Wide Scale Survey on Botnet,” Int. J. Comput. Appl., vol. 34, no. 9, pp. 975–8887, 2011.
  • D. Geer, “Malicious bots threaten network security,” Computer (Long. Beach. Calif)., vol. 38, no. 1, pp. 18–20, 2005.
  • W. Lu, G. Rammidi, and A. A. Ghorbani, “Clustering botnet communication traffic based on n-gram feature selection,” Comput. Commun., vol. 34, no. 3, pp. 502–514, 2011.
  • G. Gu, J. Zhang, and W. Lee, “BotSniffer : Detecting Botnet Command and Control Channels in Network Traffic Georgia Institute of Technology Roadmap • BotSniffer Experimental Evaluation,” pp. 1–27, 2008.
  • I. Technology, H. R. Zeidanloo, A. B. Manaf, P. Vahdani, F. Tabatabaei, and M. Zamani, “Botnet Detection Based on Traffic Monitoring,” pp. 97–101, 2010.
  • A. Karim, R. Bin Salleh, M. Shiraz, S. A. A. Shah, I. Awan, and N. B. Anuar, “Botnet detection techniques: review, future trends, and issues,” J. Zhejiang Univ. Sci. C, vol. 15, no. 11, pp. 943–983, 2014.
  • S. Khattak, N. R. Ramay, K. R. Khan, A. A. Syed, and S. A. Khayam, “A Taxonomy of botnet behavior, detection, and defense,” IEEE Commun. Surv. Tutorials, vol. 16, no. 2, pp. 898–924, 2014.
  • P. V. Amoli, “A Taxonomy of Botnet Detection Techniques Hossein Rouhani Zeidanloo , Moh amm ad Jorjor Zadeh M . Safari , Mazdak Zamani B . Intrusion Detection System ( IDS ),” Ind. Eng., pp. 158–162, 2010.
  • A. R. Baker et al., Snort 2.1 Intrusion Detection. 2004.
  • V. Krmicek, “Inspecting DNS Flow Traffic for Purposes of Botnet Detection,” GEANT3 JRA2 T4 Intern. Deliv., pp. 1–9, 2011.
  • D. Hutchison and J. C. Mitchell, Detection of Intrusions and Malware , and Vulnerability Assessment. 1973.
  • “62 29BotHunter Detecting Malware Infection Through IDS-Driven Dialog Correlation.” .
  • “62 28BotMiner Clustering Analysis of Network Traffic for.” .
  • “77 37Adaptive pattern mining model for early detection of botnet-propagation scale.” .
  • A. Karasaridis, B. Rexroad, and D. Hoeflin, “Wide-scale Botnet Detection and Characterization.”
  • J. Goebel and T. Holz, “Rishi : Identify Bot Contaminated Hosts by IRC Nickname Evaluation.”
  • T. Strayer and R. Walsh, “Botnet Detection,” vol. 36, no. June 2014, pp. 0–29, 2008.
  • U. Snort and M. Tcp, “n s t i t u t e u t h o r r e t a i n s f u l l r i g h t s.”
  • D. Dagon, “Botnet Detection and Response The Network is the Infection,” 2005.
  • “Revealing Botnet Membership Using DNSBL Counter-Intelligence.”.

Abstract Views: 225

PDF Views: 0




  • On Botnet Detection in Networks, based on Traffic Monitoring

Abstract Views: 225  |  PDF Views: 0

Authors

Shamsul Haq
Department of Computer Science and Information Technology, Central University of Jammu, Jammu and Kashmir, 181143, India
Yashwant Singh
Department of Computer Science and Information Technology, Central University of Jammu, Jammu and Kashmir, 181143, India

Abstract


One of the serious and widespread attacks in cyber security is Botnet. Using command and control infrastructure or peer-to-peer communication between bots, botmasters can perform a variety of attacks on internet system-users. To mitigate this, multiple techniques have been developed for botnet detection over the past two decades. In this paper we have discussed various botnet structures and the different techniques of botnet detection proposed in literature. We evaluated these techniques based on their distinctive features and presented their detailed comparative analysis. We also proposed a method for botnet detection using network traffic monitoring. Our approach is based on combining signature and anomaly detection systems that complement each other. Our proposed hybrid detection system may decrease false positive rate in anomaly detection by finding the well-known bots using signature detection and thereby may increase overall detection efficiency.

Keywords


Botnet, Malicious Activities, P2P, Anomaly Detection.

References