BOTNETS: WORKING MECHANISM AND SURVEY OF DETECTION TECHNIQUES

Rajesh Yadav, BML Munjal University, Gurgaon, India

Abstract

As internet usage grows day by day, cyber-crimes have also increased at a very high rate, and cyber criminals carry out these crimes as profitable criminal activities. The world of cyber security is facing botnets as an emerging threat, and the use of a Command-and-Control server (C&C server) makes this threat more dangerous than all other cyber-attacks. A botnet is created when multiple machines are compromised and collected into a network; such a network is controlled from a remote location by a bot herder, who performs different types of malicious activities with all the compromised machines working as bots or zombies. Botnets have objectives such as performing denial-of-service attacks, identity theft, phishing, and other malicious activities. Detection of these botnets is a very important and central issue, and it has motivated me to perform a detailed survey of botnet detection techniques. This paper throws some light on the working principle of botnets and highlights the research work done by various researchers on detecting botnets using different techniques.

Keywords:

Botnet, IoT, Denial of Service, Malware, Cyber-Security.




