Journal articles on the topic 'Botnet'

Consult the top 50 journal articles for your research on the topic 'Botnet.'


1

Liang, Jianbing, Shuang Zhao, and Shuhui Chen. "A Protocol-Independent Botnet Detection Method Using Flow Similarity." Security and Communication Networks 2022 (July 30, 2022): 1–14. http://dx.doi.org/10.1155/2022/3161143.

Abstract:
The detection of botnets has always been a hot spot in the field of network security. However, there are still many challenges in botnet detection. Most of the current botnet detection approaches, such as machine learning and blacklists, cannot discover evolving botnet variants. These methods are usually only valid for specific botnet protocols and are not general. They may even have difficulty dealing with encrypted botnet traffic. In this paper, we design a protocol-independent botnet detection method for these challenges. Our detection method takes advantage of the group characteristic of the botnet, which is an inherent characteristic of the botnet. We use the sequence of packet lengths as the characteristic of a flow. Then, we calculate the similarity between these sequences to detect botnets. Our method has excellent generality, as it is not affected by encrypted traffic or the protocols of the botnet. Experiments on the challenging ISCX dataset show that the proposed method can effectively detect botnets with a high average detection rate and low false alarm rate, significantly outperforming state-of-the-art methods. Therefore, the proposed detection method is robust and has a wide range of adaptability in detecting botnets.
2

Al-mashhadi, Saif, Mohammed Anbar, Iznan Hasbullah, and Taief Alaa Alamiedy. "Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic." PeerJ Computer Science 7 (August 13, 2021): e640. http://dx.doi.org/10.7717/peerj-cs.640.

Abstract:
Botnets can simultaneously control millions of Internet-connected devices to launch damaging cyber-attacks that pose significant threats to the Internet. In a botnet, bot-masters communicate with the command and control server using various communication protocols. One of the widely used communication protocols is the ‘Domain Name System’ (DNS) service, an essential Internet service. Bot-masters utilise Domain Generation Algorithms (DGA) and fast-flux techniques to avoid static blacklists and reverse engineering while remaining flexible. However, a botnet’s DNS communication generates anomalous DNS traffic throughout the botnet life cycle, and such an anomaly is considered an indicator of the presence of DNS-based botnets in the network. Despite several approaches proposed to detect botnets based on DNS traffic analysis, the problem still exists and is challenging for several reasons, such as not considering significant features and rules that contribute to the detection of DNS-based botnets. Therefore, this paper examines the abnormality of DNS traffic during the botnet lifecycle to extract significant enriched features. These features are further analysed using two machine learning algorithms. The union of the output of the two algorithms forms a novel hybrid rule detection model approach. Two benchmark datasets are used to evaluate the performance of the proposed approach in terms of detection accuracy and false-positive rate. The experimental results show that the proposed approach has a 99.96% accuracy and a 1.6% false-positive rate, outperforming other state-of-the-art DNS-based botnet detection approaches.
3

Ogu, Emmanuel C., Olusegun A. Ojesanmi, Oludele Awodele, and ‘Shade Kuyoro. "A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far." Information 10, no. 11 (October 30, 2019): 337. http://dx.doi.org/10.3390/info10110337.

Abstract:
Botnets have carved a niche in contemporary networking and cybersecurity due to the impact of their operations. The botnet threat continues to evolve and adapt to countermeasures as the security landscape continues to shift. As research efforts seek a deeper and more robust understanding of the nature of the threat for more effective solutions, it becomes necessary to again traverse the threat landscape and consolidate what is known so far about botnets, so that future research directions can be more easily visualised. This research uses the general exploratory approach of the qualitative methodology to survey the current botnet threat landscape, covering the typology of botnets and their owners, the structure and lifecycle of botnets, botnet attack modes and control architectures, existing countermeasure solutions and their limitations, as well as the prospects of the botnet threat. The product is a consolidation of knowledge pertaining to the nature of the botnet threat, which also informs future research directions into aspects of the threat landscape where work still needs to be done.
4

Ahmad, Sultan, Sudan Jha, Afroj Alam, Meshal Alharbi, and Jabeen Nazeer. "Analysis of Intrusion Detection Approaches for Network Traffic Anomalies with Comparative Analysis on Botnets (2008–2020)." Security and Communication Networks 2022 (May 12, 2022): 1–11. http://dx.doi.org/10.1155/2022/9199703.

Abstract:
Botnets are conglomerations of traded PCs (bots) that are remotely controlled by its originator (botmaster) under a command-and-control (C&C) foundation. Botnets are the making dangers against cutting edge security. They are the key vehicles for several Internet assaults, for example, spam, distributed denial-of-service (DDoS) attack, rebate distortion, malware spreading, and phishing. This review paper depicts the botnet examined in three domains: preview of botnets, observation, and analysis of botnets, apart from keeping track of them and protecting against them too. We have also attempted to the various ways to indicate differing countermeasures to the botnet dangers and propose future heading for botnet affirmation look into a consolidated report on the energy investigation and future headings for botnet break down are also been presented in this paper.
5

Yamaguchi, Shingo. "Botnet Defense System: Concept, Design, and Basic Strategy." Information 11, no. 11 (November 4, 2020): 516. http://dx.doi.org/10.3390/info11110516.

Abstract:
This paper proposes a new kind of cyber-security system, named Botnet Defense System (BDS), which defends an Internet of Things (IoT) system against malicious botnets. The concept of BDS is “Fight fire with fire”. The distinguishing feature is that it uses white-hat botnets to fight malicious botnets. A BDS consists of four components: Monitor, Strategy Planner, Launcher, and Command and Control (C&C) server. The Monitor component watches over a target IoT system. If the component detects a malicious botnet, the Strategy Planner component makes a strategy against the botnet. Based on the planned strategy, the Launcher component sends white-hat worms into the IoT system and constructs a white-hat botnet. The C&C server component commands and controls the white-hat botnet to exterminate the malicious botnet. Strategy studies are essential to produce the intended results. We proposed three basic strategies to launch white-hat worms: All-Out, Few-Elite, and Environment-Adaptive. We evaluated BDS and the proposed strategies through the simulation of an agent-oriented Petri net model representing the battle between Mirai botnets and the white-hat botnets. The result shows that the Environment-Adaptive strategy is the best and reduced the number of needed white-hat worms to 38.5% almost without changing the extermination rate for Mirai bots.
6

Huang, Yuanyuan, Lu Jiazhong, Haozhe Tang, and Xiaolei Liu. "A Hybrid Association Rule-Based Method to Detect and Classify Botnets." Security and Communication Networks 2021 (September 16, 2021): 1–9. http://dx.doi.org/10.1155/2021/1028878.

Abstract:
Nowadays, botnets have become a threat in the area of cybersecurity, and, worse still, they are difficult to detect in complex network environments. Thus, traffic analysis is adopted to detect botnets since this kind of method is practical and effective; however, the false rate is very high. The reason is that normal traffic and botnet traffic are quite close at the border, making them very difficult to distinguish. In this paper, we propose an algorithm based on hybrid association rules to detect and classify botnets, which can calculate botnets’ boundary traffic features and achieve ideal results in distinguishing normal from botnet traffic. First, after collecting the data of different botnets in a laboratory, we analyze botnet traffic features by data mining. The suspicious botnet traffic is filtered through the DNS protocol, black and white lists, and real-time feature filtering methods. Second, we analyze the correlation between domain names and IP addresses. Combining the advantages of existing time-based detection methods, we do a global correlation analysis on the characteristics of botnets to judge whether the detection objects can be botnets according to these indicators. Then, we calculate these parameters, including the support, trust, and membership functions for association rules, to determine which type of botnet it belongs to. Finally, we run the test using a public dataset, and it turns out that the accuracy of our algorithm is higher.
7

Zhang, You Lin. "Classification of Botnets and Botnet Defense Techniques." Applied Mechanics and Materials 373-375 (August 2013): 1665–69. http://dx.doi.org/10.4028/www.scientific.net/amm.373-375.1665.

Abstract:
As an effective platform for network attacks, the botnet brings the most serious threats. In this paper, botnets are categorized into three classes based on network structure: centralized botnets, distributed (P2P) botnets and hybrid botnets. This paper divides botnet defense techniques into three fields: detection, measurement and restraint. It analyzes each field in detail, and discusses which defense technique is suitable for which kind of botnet.
8

Thanh Vu, Simon Nam, Mads Stege, Peter Issam El-Habr, Jesper Bang, and Nicola Dragoni. "A Survey on Botnets: Incentives, Evolution, Detection and Current Trends." Future Internet 13, no. 8 (July 31, 2021): 198. http://dx.doi.org/10.3390/fi13080198.

Abstract:
Botnets, groups of malware-infected hosts controlled by malicious actors, have gained prominence in an era of pervasive computing and the Internet of Things. Botnets have shown a capacity to perform substantial damage through distributed denial-of-service attacks, information theft, spam and malware propagation. In this paper, a systematic literature review on botnets is presented to the reader in order to obtain an understanding of the incentives, evolution, detection, mitigation and current trends within the field of botnet research in pervasive computing. The literature review focuses particularly on the topic of botnet detection and the proposed solutions to mitigate the threat of botnets in system security. Botnet detection and mitigation mechanisms are categorised and briefly described to allow for an easy overview of the many proposed solutions. The paper also summarises the findings to identify current challenges and trends within research to help identify improvements for further botnet mitigation research.
9

Fadhil, Heba M., Noor Q. Makhool, Muna M. Hummady, and Zinah O. Dawood. "Machine Learning-based Information Security Model for Botnet Detection." Journal of Cybersecurity and Information Management 9, no. 1 (2022): 68–79. http://dx.doi.org/10.54216/jcim.090106.

Abstract:
Botnet detection is a challenging problem in numerous fields such as government, cybersecurity, law, finance, healthcare, and so on. A botnet is a group of co-opted Internet-connected devices controlled by cyber criminals for launching co-ordinated attacks and carrying out various malicious events. While botnets are continually evolving in response to the counter-measures put forward by both network- and host-based detection techniques, conventional techniques fail to attain sufficient safety against botnet threats. Thus, machine learning approaches are established for detecting and classifying botnets for cybersecurity. This article presents a novel dragonfly algorithm with multi-class support vector machines enabled botnet detection for information security. For effective recognition of botnets, the proposed model involves data pre-processing at the initial stage. Besides, the model is utilized for the identification and classification of botnets that exist in the network. In order to optimally adjust the SVM parameters, the DFA is utilized, consequently resulting in enhanced outcomes. The presented model has the ability to accomplish improved botnet detection performance. A wide-ranging experimental analysis is performed and the results are inspected under several aspects. The experimental results indicated the efficiency of our model over existing methods.
10

Mazurczak, Przemysław. "Cybercrime on the Example of Selected Botnets." Polish Political Science Yearbook 50 (2021): 1–12. http://dx.doi.org/10.15804/ppsy202138.

Abstract:
The article presents threat analysis resulting from botnet activity on the Internet. Botnet networks are a very common tool among cybercriminals. They enable the acquisition of large amounts of data from computers infected with the virus that creates the given network entirely subordinated to its creator. Currently, many unidentified botnets are a threat to Internet users. Those identified and diagnosed answer the problem of how dangerous a botnet is in the hands of cybercriminals. The article presents statistics and analysis of selected botnets. Currently, there is a decline in the interest in botnets in cybercrime, although many new threats appear, suggesting that botnets will continue to be popular and are still a dangerous weapon in the hands of criminals.
11

Kwak, Minkyung, and Youngho Cho. "A Novel Video Steganography-Based Botnet Communication Model in Telegram SNS Messenger." Symmetry 13, no. 1 (January 6, 2021): 84. http://dx.doi.org/10.3390/sym13010084.

Abstract:
In botnets, a bot master regularly sends command and control messages (C & C messages) to bots for various purposes, such as ordering its commands to bots and collecting critical data from bots. Although such C & C messages can be encrypted by cryptographic methods to hide them, existing botnet detection mechanisms could detect the existence of botnets by capturing suspicious network traffics between the bot master (or the C & C server) and numerous bots. Recently, steganography-based botnets (stego-botnets) have emerged to make C & C communication traffics look normal to botnet detection systems. In stego-botnets, every C & C message is embedded in a multimedia file, such as an image file by using steganography techniques and shared in Social Network Service (SNS) websites (such as Facebook) or online messengers (such as WeChat or KakaoTalk). Consequently, traditional botnet detection systems without steganography detection methods cannot detect them. Meanwhile, according to our survey, we observed that existing studies on the steganography botnet are limited to use only image steganography techniques, although the video steganography method has some obvious advantages over the image steganography method. By this motivation, in this paper, we study a video steganography-based botnet in Social Network Service (SNS) platforms. We first propose a video steganography botnet model based on SNS messengers. In addition, we design a new payload approach-based video steganography method (DECM: Divide-Embed-Component Method) that can embed much more secret data than existing tools by using two open tools VirtualDub and Stegano. We show that our proposed model can be implemented in the Telegram SNS messenger and conduct extensive experiments by comparing our proposed model with DECM with an existing image steganography-based botnet in terms of C & C communication efficiency and undetectability.
12

Owen, Harry, Javad Zarrin, and Shahrzad M. Pour. "A Survey on Botnets, Issues, Threats, Methods, Detection and Prevention." Journal of Cybersecurity and Privacy 2, no. 1 (February 28, 2022): 74–88. http://dx.doi.org/10.3390/jcp2010006.

Abstract:
Botnets have become increasingly common and progressively dangerous to both business and domestic networks alike. Due to the Covid-19 pandemic, a large part of the population has been performing corporate activities from their homes. This leads to speculation that most computer users and employees working remotely do not have proper defences against botnets, resulting in botnet infection propagating to other devices connected to the target network. Consequently, botnet infection occurs not only on the target user’s machine but also on neighbouring devices. The focus of this paper is to review and investigate the current state of the art and research works for both methods of infection, such as how a botnet could penetrate a system or network directly or indirectly, and standard detection strategies that have been used in the past. Furthermore, we investigate the capabilities of Artificial Intelligence (AI) to create innovative approaches for botnet detection to enable making predictions as to whether there are botnets present within a network. The paper also discusses methods that threat actors may use to infect target devices with botnet code. Machine learning algorithms are examined to determine how they may be used to assist AI-based detection and what advantages and disadvantages they would have, to compare the most suitable algorithm businesses could use. Finally, current botnet prevention and countermeasures are discussed to determine how botnets can be kept out of corporate and domestic networks and ensure that future attacks can be prevented.
13

Woodiss-Field, Ashley, Michael N. Johnstone, and Paul Haskell-Dowland. "Examination of Traditional Botnet Detection on IoT-Based Bots." Sensors 24, no. 3 (February 5, 2024): 1027. http://dx.doi.org/10.3390/s24031027.

Abstract:
A botnet is a collection of Internet-connected computers that have been suborned and are controlled externally for malicious purposes. Concomitant with the growth of the Internet of Things (IoT), botnets have been expanding to use IoT devices as their attack vectors. IoT devices utilise specific protocols and network topologies distinct from conventional computers that may render detection techniques ineffective on compromised IoT devices. This paper describes experiments involving the acquisition of several traditional botnet detection techniques, BotMiner, BotProbe, and BotHunter, to evaluate their capabilities when applied to IoT-based botnets. Multiple simulation environments, using internally developed network traffic generation software, were created to test these techniques on traditional and IoT-based networks, with multiple scenarios differentiated by the total number of hosts, the total number of infected hosts, the botnet command and control (CnC) type, and the presence of aberrant activity. Externally acquired datasets were also used to further test and validate the capabilities of each botnet detection technique. The results indicated, contrary to expectations, that BotMiner and BotProbe were able to detect IoT-based botnets—though they exhibited certain limitations specific to their operation. The results show that traditional botnet detection techniques are capable of detecting IoT-based botnets and that the different techniques may offer capabilities that complement one another.
14

Goranin, Nikolaj, Antanas Čenys, and Jonas Juknius. "MALICIOUS BOTNET SURVIVABILITY MECHANISM EVOLUTION FORECASTING BY MEANS OF A GENETIC ALGORITHM / KENKĖJIŠKŲ BOTNET TINKLŲ IŠGYVENAMUMO MECHANIZMŲ EVOLIUCIJOS PROGNOZAVIMAS GENETINIO ALGORITMO PRIEMONĖMIS." Mokslas - Lietuvos ateitis 4, no. 1 (April 23, 2012): 13–19. http://dx.doi.org/10.3846/mla.2012.04.

Abstract:
Botnets are considered to be among the most dangerous modern malware types and the biggest current threats to global IT infrastructure. Botnets are rapidly evolving, and therefore forecasting their survivability strategies is important for the development of countermeasure techniques. The article proposes a botnet-oriented genetic-algorithm-based model framework aimed at forecasting botnet survivability mechanisms. The model may be used as a framework for forecasting the evolution of other characteristics. The efficiency of different survivability mechanisms is evaluated by applying the proposed fitness function. The model application area also covers scientific botnet research and modelling tasks. Summary: Botnets are recognised as among the most dangerous modern malicious programs and are regarded as one of the greatest threats to international IT infrastructure. Botnets evolve rapidly, so forecasting the evolution of their self-protection mechanisms is important when planning and developing countermeasures. This article presents a genetic-algorithm-based model for forecasting the evolution of botnet self-protection mechanisms, which can also be used as a basis for modelling the evolution of other botnet properties. Different self-protection mechanisms are evaluated by applying the proposed fitness function.
15

Yin, Chun Yong, Ali A. Ghorbani, and Ru Xia Sun. "Research on New Botnet Detection Strategy Based on Information Materials." Advanced Materials Research 282-283 (July 2011): 236–39. http://dx.doi.org/10.4028/www.scientific.net/amr.282-283.236.

Abstract:
Recognized as one of the most serious security threats to the current Internet infrastructure, botnets, with their low resource requirements, have developed rapidly. How to detect botnets has become a major topic of current research. Based on existing research results, this paper proposes a new detection strategy, which improves unknown botnet detection efficiency by using the behavioral characteristics of botnets. The core idea is to separate the static characteristics and dynamic behavior of a botnet, to optimize the parameters of the dynamic behavior, and to change passive defense into active defense. According to the behavior of the attacker, this strategy can optimize the behavior parameters. The proposed approach has commonality and expansibility, which strengthen unknown botnet defense fundamentally.
16

Hsu, Fu-Hau, Chih-Wen Ou, Yan-Ling Hwang, Ya-Ching Chang, and Po-Ching Lin. "Detecting Web-Based Botnets Using Bot Communication Traffic Features." Security and Communication Networks 2017 (2017): 1–11. http://dx.doi.org/10.1155/2017/5960307.

Abstract:
Web-based botnets are popular nowadays. A Web-based botnet is a botnet whose C&C server and bots use the HTTP protocol, the most universal and widely supported network protocol, to communicate with each other. Because the botnet communication can easily be hidden by attackers behind the relatively massive HTTP traffic, administrators of network equipment, such as routers and switches, cannot block such suspicious traffic directly regardless of costs. Based on the client constituents of a Web server and the characteristics of HTTP responses sent to clients from the server, this paper proposes a traffic inspection solution, called Web-based Botnet Detector (WBD). WBD is able to detect suspicious C&C (Command-and-Control) servers of HTTP botnets regardless of whether the botnet commands are encrypted or hidden in normal Web pages. More than 500 GB of real network traces collected from 11 backbone routers are used to evaluate our method. Experimental results show that the false positive rate of WBD is 0.42%.
17

Jovanović, Đorđe, and Pavle Vuletić. "Analysis and characterization of IoT malware command and control communication." Telfor Journal 12, no. 2 (2020): 80–85. http://dx.doi.org/10.5937/telfor2002080j.

Abstract:
The emergence of the Mirai botnet in 2016 took worldwide research teams by surprise, proving that a large number of low-performance IoT devices could be hacked and used for illegal purposes, causing extremely voluminous DDoS attacks. Therefore, a thorough inspection of the current state of IoT botnets is essential. In this paper, we analyze the dynamic behavior and command and control channels of two classes of IoT botnets, Mirai and Gafgyt. Based on the collected information, a comparative analysis and the key phases of botnet communication are provided. Such an analysis will serve as a basis for smart botnet detection mechanisms.
18

Jagan, Shanmugam, Ashish Ashish, Miroslav Mahdal, Kenneth Ruth Isabels, Jyoti Dhanke, Parita Jain, and Muniyandy Elangovan. "A Meta-Classification Model for Optimized ZBot Malware Prediction Using Learning Algorithms." Mathematics 11, no. 13 (June 24, 2023): 2840. http://dx.doi.org/10.3390/math11132840.

Abstract:
Botnets pose a real threat to cybersecurity by facilitating criminal activities like malware distribution, attacks involving distributed denial of service, fraud, click fraud, phishing, and theft identification. The methods currently used for botnet detection are only appropriate for specific botnet commands and control protocols; they do not endorse botnet identification in early phases. Security guards have used honeypots successfully in several computer security defence systems. Honeypots are frequently utilised in botnet defence because they can draw botnet compromises, reveal spies in botnet membership, and deter attacker behaviour. Attackers who build and maintain botnets must devise ways to avoid honeypot traps. Machine learning methods support identification and inhibit bot threats to address the problems associated with botnet attacks. To choose the best features to feed as input to the machine learning classifiers to estimate the performance of botnet detection, a Kernel-based Ensemble Meta Classifier (KEMC) Strategy is suggested in this work. And particle swarm optimization (PSO) and genetic algorithm (GA) intelligent optimization algorithms are used to establish the ideal order. The model covered in this paper is employed to forecast Internet cyber security circumstances. The Binary Cross-Entropy (loss), the GA-PSO optimizer, the Softsign activation functions and ensembles were used in the experiment to produce the best results. The model succeeded because Forfileless malware, gathered from well-known datasets, achieved a total accuracy of 93.3% with a True Positive (TP) Range of 87.45% at zero False Positive (FP).
19

Ahmad, Manar, and Maisireem Kamal. "Botne and Botnet Detection Survey." AL-Rafidain Journal of Computer Sciences and Mathematics 10, no. 1 (March 2, 2013): 79–89. http://dx.doi.org/10.33899/csmj.2013.163426.

20

Jeon and Cho. "Construction and Performance Analysis of Image Steganography-based Botnet in KakaoTalk Openchat." Computers 8, no. 3 (August 21, 2019): 61. http://dx.doi.org/10.3390/computers8030061.

Abstract:
Once a botnet is constructed over the network, a bot master and bots start communicating by periodically exchanging messages, which is known as botnet C&C communication, in order to send botnet commands to bots, collect critical information stored in bots, upgrade software functions of malwares installed in bots, and so on. For this reason, most existing botnet detection techniques focus on monitoring and capturing suspicious communications between the bot master and bots. Meanwhile, botnets continue to evolve to hide their C&C communication. Recently, a novel type of botnet using image steganography techniques and SNS (Social Network Service) platforms, which is known as image steganography-based botnet or stegobotnet, has emerged to make its C&C communications undetectable by existing botnet detection systems. In stegobotnets, image files used in SNSs carry messages (between the bot master and bots) which are hidden in them by using image steganography techniques. In this paper, we first investigate whether major SNS platforms such as KakaoTalk, Facebook, and Twitter can be suitable for constructing image steganography-based botnets. Next, we construct a part of stegobotnet based on KakaoTalk, and conduct extensive experiments including digital forensic analysis (1) to validate stegobotnet C&C communication can be successful in KakaoTalk and (2) to examine its performance in terms of C&C communication reliability.
21

Mannikar, Rucha, and Fabio Di Troia. "Enhancing Botnet Detection in Network Security Using Profile Hidden Markov Models." Applied Sciences 14, no. 10 (May 9, 2024): 4019. http://dx.doi.org/10.3390/app14104019.

Abstract:
A botnet is a network of compromised computer systems, or bots, remotely controlled by an attacker through bot controllers. This covert network poses a threat through large-scale cyber attacks, including phishing, distributed denial of service (DDoS), data theft, and server crashes. Botnets often camouflage their activity by utilizing common internet protocols, such as HTTP and IRC, making their detection challenging. This paper addresses this threat by proposing a method to identify botnets based on distinctive communication patterns between command and control servers and bots. Recognizable traits in botnet behavior, such as coordinated attacks, heartbeat signals, and periodic command distribution, are analyzed. Probabilistic models, specifically Hidden Markov Models (HMMs) and Profile Hidden Markov Models (PHMMs), are employed to learn and identify these activity patterns in network traffic data. This work utilizes publicly available datasets containing a combination of botnet, normal, and background traffic to train and test these models. The comparative analysis reveals that both HMMs and PHMMs are effective in detecting botnets, with PHMMs exhibiting superior accuracy in botnet detection compared to HMMs.
22

Wang, Yichuan, Yefei Zhang, Wenjiang Ji, Lei Zhu, and Yanxiao Liu. "Gleer: A Novel Gini-Based Energy Balancing Scheme for Mobile Botnet Retopology." Wireless Communications and Mobile Computing 2018 (2018): 1–10. http://dx.doi.org/10.1155/2018/7805408.

Full text
Abstract:
Mobile botnets have recently evolved due to the rapid growth of smartphone technologies. Unlike legacy botnets, mobile devices are characterized by limited power capacity, calculation capabilities, and wide communication methods. As such, the logical topology structure and communication mode have to be redesigned for mobile botnets to narrow the energy gap and lower the reduction speed of nodes. In this paper, we try to design a novel Gini-based energy balancing scheme (Gleer) for the atomic network, which is a fundamental component of the heterogeneous multilayer mobile botnet. Firstly, for each operation cycle, we utilize a dynamic energy threshold to categorize the atomic network into two groups. Then, the Gini coefficient is introduced to estimate the botnet energy gap and to regulate the probability for each node to be picked as a region C&C server. Experimental results indicate that our proposed method can effectively prolong the botnet lifetime and prevent the reduction of network size. Meanwhile, the stealthiness of a botnet with the Gleer scheme is analyzed from the users' perspective, and results show that the proposed scheme works well in reducing users' detection awareness.
23

Jadhav, Pranay, Aftab Mulla, Gaurav Bhoi, Sumit Raj, and Sinu Nambiar. "Mobile Botnet Detection." International Journal for Research in Applied Science and Engineering Technology 11, no. 3 (March 31, 2023): 700–704. http://dx.doi.org/10.22214/ijraset.2023.49506.

Abstract:
Android, being the most widespread mobile operating system, is increasingly becoming a target for malware. Malicious apps designed to turn mobile devices into bots that may form part of a larger botnet have become quite common, thus posing a serious threat. This calls for more effective methods to detect botnets on the Android platform. Hence, in this paper, we present a deep learning approach for Android botnet detection based on Support Vector Machine (SVM). Our proposed botnet detection system is implemented as an SVM-based model that is trained on 342 static app features to distinguish between botnet apps and normal apps.
24

Obeidat, Alaa, and Rola Yaqbeh. "Smart Approach for Botnet Detection Based on Network Traffic Analysis." Journal of Electrical and Computer Engineering 2022 (December 15, 2022): 1–10. http://dx.doi.org/10.1155/2022/3073932.

Abstract:
Today, botnets are the most common threat on the Internet and are used as the main attack vector against individuals and businesses. Cybercriminals have exploited botnets for many illegal activities, including click fraud, DDOS attacks, and spam production. In this article, we suggest a method for identifying the behavior of data traffic using machine learning classifiers including genetic algorithm to detect botnet activities. By categorizing behavior based on time slots, we investigate the viability of detecting botnet behavior without seeing a whole network data flow. We also evaluate the efficacy of two well-known classification methods with reference to this data. We demonstrate experimentally, using existing datasets, that it is possible to detect botnet activities with high precision.
25

Zhao, Hao, Hui Shu, Yuyao Huang, and Ju Yang. "AIBot: A Novel Botnet Capable of Performing Distributed Artificial Intelligence Computing." Electronics 11, no. 19 (October 9, 2022): 3241. http://dx.doi.org/10.3390/electronics11193241.

Abstract:
As an infrastructure platform for launching large-scale cyber attacks, botnets are one of the biggest threats to cyberspace security today. With the development of network technology and changes in the network environment, network attack intelligence has become a trend, and botnet designers are also committed to developing more destructive intelligent botnets. The feasibility of implementing distributed intelligent computing based on botnet node resources is analyzed with regard to the aspects of program size, communication traffic and resource occupancy. AIBot, a botnet model that can perform intelligent computation in a distributed manner, is proposed from the attacker’s perspective, which hierarchically deploys distributed neural network models in the botnet, thereby organizing nodes to collaboratively perform intelligent computation tasks. AIBot enables the distributed execution of intelligent computing tasks on a cluster of bot nodes by decomposing the computational load of a deep neural network model. A general algorithm for the distributed deployment of neural networks in AIBot is proposed, and the overall operational framework for AIBot is given. Two classical neural network models, CNN and RNN, are used as examples to illustrate specific schemes for deploying and running distributed intelligent computing in AIBot. Experimental scenarios were constructed to experimentally validate and briefly evaluate the performance of the two AIBot attack modes, and the overall efficiency of AIBot was evaluated in terms of execution time. This paper studies new forms of botnet attack techniques from a predictive perspective, aiming to increase defenders’ understanding of potential botnet threats, in order to propose effective defense strategies and improve the botnet defense system.
26

Algelal, Zahraa M., Eman Abdulaziz Ghani Aldhaher, Dalia N. Abdul-Wadood, and Radhwan Hussein Abdulzhraa Al-Sagheer. "Botnet detection using ensemble classifiers of network flow." International Journal of Electrical and Computer Engineering (IJECE) 10, no. 3 (June 1, 2020): 2543. http://dx.doi.org/10.11591/ijece.v10i3.pp2543-2550.

Abstract:
Recently, botnets have become a common tool for implementing and transferring various malicious codes over the Internet. These codes can be used to execute many malicious activities including DDoS attacks, sending spam, click fraud, and stealing data. Therefore, it is necessary to use modern technologies to reduce this phenomenon and avoid it in advance in order to differentiate botnet traffic from normal network traffic. In this work, ensemble classifier algorithms are used to identify such damaging botnet traffic. We experimented with different ensemble algorithms to compare and analyze their ability to classify the botnet traffic from the normal traffic by selecting distinguishing features of the network traffic. Botnet detection offers a reliable and cheap style for ensuring transfer integrity and warning of risks before they occur.
27

Trajanovski, Tolijan, and Ning Zhang. "An Automated Behaviour-Based Clustering of IoT Botnets." Future Internet 14, no. 1 (December 23, 2021): 6. http://dx.doi.org/10.3390/fi14010006.

Abstract:
The leaked IoT botnet source-codes have facilitated the proliferation of different IoT botnet variants, some of which are equipped with new capabilities and may be difficult to detect. Despite the availability of solutions for automated analysis of IoT botnet samples, the identification of new variants is still very challenging because the analysis results must be manually interpreted by malware analysts. To overcome this challenge, we propose an approach for automated behaviour-based clustering of IoT botnet samples, aimed to enable automatic identification of IoT botnet variants equipped with new capabilities. In the proposed approach, the behaviour of the IoT botnet samples is captured using a sandbox and represented as behaviour profiles describing the actions performed by the samples. The behaviour profiles are vectorised using TF-IDF and clustered using the DBSCAN algorithm. The proposed approach was evaluated using a collection of samples captured from IoT botnets propagating on the Internet. The evaluation shows that the proposed approach enables accurate automatic identification of IoT botnet variants equipped with new capabilities, which will help security researchers to investigate the new capabilities, and to apply the investigation findings for improving the solutions for detecting and preventing IoT botnet infections.
28

Sreeja, B. P. "Survey on Internet of Things Botnet Detection Methodologies: A Report." IRO Journal on Sustainable Wireless Systems 4, no. 3 (September 15, 2022): 185–95. http://dx.doi.org/10.36548/jsws.2022.3.005.

Abstract:
Recently, Internet of Things (IoT) botnets have emerged as a serious security risk. Systematic and thorough IoT-related research on the relevance of botnet detection techniques is scarce. Therefore, this report seeks to compile a comprehensive overview of experimental research related to the detection of IoT botnets and then evaluate it. Moreover, it builds a foundation of information about IoT botnet detection techniques. In this work, the gaps in research are studied and recommendations are made for future studies.
29

Yerima, Suleiman Y., Mohammed K. Alzaylaee, Annette Shajan, and Vinod P. "Deep Learning Techniques for Android Botnet Detection." Electronics 10, no. 4 (February 23, 2021): 519. http://dx.doi.org/10.3390/electronics10040519.

Abstract:
Android is increasingly being targeted by malware since it has become the most popular mobile operating system worldwide. Evasive malware families, such as Chamois, designed to turn Android devices into bots that form part of a larger botnet are becoming prevalent. This calls for more effective methods for detection of Android botnets. Recently, deep learning has gained attention as a machine learning based approach to enhance Android botnet detection. However, studies that extensively investigate the efficacy of various deep learning models for Android botnet detection are currently lacking. Hence, in this paper we present a comparative study of deep learning techniques for Android botnet detection using 6802 Android applications consisting of 1929 botnet applications from the ISCX botnet dataset. We evaluate the performance of several deep learning techniques including: CNN, DNN, LSTM, GRU, CNN-LSTM, and CNN-GRU models using 342 static features derived from the applications. In our experiments, the deep learning models achieved state-of-the-art results based on the ISCX botnet dataset and also outperformed the classical machine learning classifiers.
30

Kabla, Arkan Hammoodi Hasan, Achmad Husni Thamrin, Mohammed Anbar, Selvakumar Manickam, and Shankar Karuppayah. "PeerAmbush: Multi-Layer Perceptron to Detect Peer-to-Peer Botnet." Symmetry 14, no. 12 (November 23, 2022): 2483. http://dx.doi.org/10.3390/sym14122483.

Abstract:
Due to emerging internet technologies that mostly depend on the decentralization concept, such as cryptocurrencies, cyber attackers also use the decentralization concept to develop P2P botnets. P2P botnets are considered one of the most serious and challenging threats to internet infrastructure security. Consequently, several open issues still need to be addressed, such as improving botnet intrusion detection systems, because botnet detection is essentially a confrontational problem. This paper presents PeerAmbush, a novel approach for detecting P2P botnets using, for the first time, one of the most effective deep learning techniques, which is the Multi-Layer Perceptron, with certain parameter settings to detect this type of botnet, unlike most current research, which is entirely based on machine learning techniques. The reason for employing machine learning/deep learning techniques, besides data analysis, is because the bots under the same botnet have a symmetrical behavior, and that makes them recognizable compared to benign network traffic. The PeerAmbush also takes the challenge of detecting P2P botnets with fewer selected features compared to the existing related works by proposing a novel feature engineering method based on Best First Union (BFU). The proposed approach showed considerable results, with a very high detection accuracy of 99.9%, with no FPR. The experimental results showed that PeerAmbush is a promising approach, and we look forward to building on it to develop better security defenses.
31

Lee, Yeonjung, Mert Ozer, Steven R. Corman, and Hasan Davulcu. "Identifying Behavioral Factors Leading to Differential Polarization Effects of Adversarial Botnets." ACM SIGAPP Applied Computing Review 23, no. 2 (June 2023): 44–56. http://dx.doi.org/10.1145/3610409.3610412.

Abstract:
In this paper, we utilize a Twitter dataset collected between December 8, 2021 and February 18, 2022, during the lead-up to the 2022 Russian invasion of Ukraine. Our aim is to design a data processing pipeline featuring a high-accuracy Graph Convolutional Network (GCN) based political camp classifier, a botnet detection algorithm, and a robust measure of botnet effects. Our experiments reveal that while the pro-Russian botnet contributes significantly to network polarization, the pro-Ukrainian botnet contributes with moderating effects. To understand the factors leading to these different effects, we analyze the interactions between the botnets and the users, distinguishing between barrier-crossing users, who navigate across different political camps, and barrier-bound users, who remain within their own camps. We observe that the pro-Russian botnet amplifies the barrier-bound partisan users within their own camp most of the time. In contrast, the pro-Ukrainian botnet amplifies the barrier-crossing users on their own camp alongside themselves for the majority of the time.
32

Huancayo Ramos, Katherinne Shirley, Marco Antonio Sotelo Monge, and Jorge Maestre Vidal. "Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics." Sensors 20, no. 16 (August 12, 2020): 4501. http://dx.doi.org/10.3390/s20164501.

Abstract:
Botnets are some of the most recurrent cyber-threats, which take advantage of the wide heterogeneity of endpoint devices at the Edge of the emerging communication environments for enabling the malicious enforcement of fraud and other adversarial tactics, including malware, data leaks or denial of service. There have been significant research advances in the development of accurate botnet detection methods underpinned on supervised analysis, but assessing the accuracy and performance of such detection methods requires a clear evaluation model in the pursuit of enforcing proper defensive strategies. In order to contribute to the mitigation of botnets, this paper introduces a novel evaluation scheme grounded on supervised machine learning algorithms that enable the detection and discrimination of different botnet families on real operational environments. The proposal relies on observing, understanding and inferring the behavior of each botnet family based on network indicators measured at flow-level. The assumed evaluation methodology contemplates six phases that allow building a detection model against botnet-related malware distributed through the network, for which five supervised classifiers were instantiated for further comparisons—Decision Tree, Random Forest, Naive Bayes Gaussian, Support Vector Machine and K-Neighbors. The experimental validation was performed on two public datasets of real botnet traffic—CIC-AWS-2018 and ISOT HTTP Botnet. Bearing the heterogeneity of the datasets, optimizing the analysis with the Grid Search algorithm led to improved classification results of the instantiated algorithms. An exhaustive evaluation was carried out demonstrating the adequateness of our proposal, which showed that Random Forest and Decision Tree models are the most suitable for detecting different botnet specimens among the chosen algorithms. They exhibited higher precision rates whilst analyzing a large number of samples with less processing time. The variety of testing scenarios were deeply assessed and reported to set baseline results for future benchmark analysis targeted on flow-based behavioral patterns.
33

Wazzan, Majda, Daniyal Algazzawi, Omaima Bamasaq, Aiiad Albeshri, and Li Cheng. "Internet of Things Botnet Detection Approaches: Analysis and Recommendations for Future Research." Applied Sciences 11, no. 12 (June 20, 2021): 5713. http://dx.doi.org/10.3390/app11125713.

Abstract:
Internet of Things (IoT) is a promising technology that brings tremendous benefits if used optimally. At the same time, it has resulted in an increase in cybersecurity risks due to the lack of security for IoT devices. IoT botnets, for instance, have become a critical threat; however, systematic and comprehensive studies analyzing the importance of botnet detection methods are limited in the IoT environment. Thus, this study aimed to identify, assess and provide a thorough review of experimental works on the research relevant to the detection of IoT botnets. To accomplish this goal, a systematic literature review (SLR), an effective method, was applied for gathering and critically reviewing research papers. This work employed three research questions on the detection methods used to detect IoT botnets, the botnet phases and the different malicious activity scenarios. The authors analyzed the nominated research and the key methods related to them. The detection methods have been classified based on the techniques used, and the authors investigated the botnet phases during which detection is accomplished. This research procedure was used to create a source of foundational knowledge of IoT botnet detection methods. As a result of this study, the authors analyzed the current research gaps and suggested future research directions.
34

Duan, Li, Jingxian Zhou, You Wu, and Wenyao Xu. "A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems." International Journal of Distributed Sensor Networks 18, no. 3 (March 2022): 155014772110499. http://dx.doi.org/10.1177/15501477211049910.

Abstract:
In smart systems, attackers can use botnets to launch different cyber attack activities against the Internet of Things. The traditional methods of detecting botnets commonly used machine learning algorithms, and it is difficult to detect and control botnets in a network because of unbalanced traffic data. In this article, we present a novel and highly efficient botnet detection method based on an autoencoder neural network in cooperation with decision trees on a given network. The deep flow inspection method and statistical analysis are first applied as a feature selection technique to select relevant features, which are used to characterize the communication-related behavior between network nodes. Then, the autoencoder neural network for feature selection is used to improve the efficiency of model construction. Finally, Tomek-Recursion Borderline Synthetic Minority Oversampling Technique generates additional minority samples to achieve class balance, and an improved gradient boosting decision tree algorithm is used to train and establish an abnormal traffic detection model to improve the detection of unbalanced botnet data. The results of experiments on the ISCX-botnet traffic dataset show that the proposed method achieved better botnet detection performance with 99.10% recall, 99.20% accuracy, 99.1% F1 score, and 99.0% area under the curve.
35

Feng, Liping, Hongbin Wang, Qi Han, Qingshan Zhao, and Lipeng Song. "Modeling Peer-to-Peer Botnet on Scale-Free Network." Abstract and Applied Analysis 2014 (2014): 1–8. http://dx.doi.org/10.1155/2014/212478.

Abstract:
Peer-to-peer (P2P) botnets have emerged as one of the serious threats to Internet security. To prevent P2P botnets effectively, in this paper, a mathematical model which combines the scale-free trait of the Internet with the formation of P2P botnets is presented. Explicit mathematical analysis demonstrates that the model has a globally stable endemic equilibrium when the infection rate is greater than a critical value. Meanwhile, we find that, in scale-free networks, the critical value is very small. Hence, it is unrealistic to completely dispel the P2P botnet. Numerical simulations show that one can take effective countermeasures to reduce the scale of a P2P botnet or delay its outbreak. Our findings can provide meaningful instruction to network security management.
36

Ibrahim, Wan Nurhidayah, Mohd Syahid Anuar, Ali Selamat, and Ondrej Krejcar. "Botnet Detection Using Independent Component Analysis." IIUM Engineering Journal 23, no. 1 (January 4, 2022): 95–115. http://dx.doi.org/10.31436/iiumej.v23i1.1789.

Abstract:
Botnets are a significant cyber threat that continues to evolve. Botmasters continue to improve the security framework strategy for botnets to go undetected. Newer botnet source code runs attack detection every second, and each attack demonstrates the difficulty and robustness of monitoring the botnet. In the conventional network botnet detection model that uses signature analysis, the patterns of a botnet concealment strategy such as encryption and polymorphism, and the shift in structure from a centralized to a decentralized peer-to-peer structure, generate challenges. Behavior analysis seems to be a promising approach for solving these problems because it does not rely on analyzing the network traffic payload. Other than that, to predict novel types of botnet, a detection model should be developed. This study focuses on using flow-based behavior analysis to detect novel botnets, necessary due to the difficulties of detecting existing patterns in a botnet that continues to modify its signature as a concealment strategy. This study also recommends introducing Independent Component Analysis (ICA) and data pre-processing standardization to increase data quality before classification. With and without ICA implementation, we compared the percentage of significant features. Through the experiment, we found that the results produced from ICA show significant improvements. The highest F-score was 83% for the Neris bot. The average F-score for a novel botnet sample was 74%. Through the feature importance test, the feature importance increased from 22% to 27%, and the training model false positive rate also decreased from 1.8% to 1.7%.

ABSTRAK (Malay abstract, translated): Botnets are a cyber threat that is constantly evolving. Bot owners continually update the security strategy of their botnets so that they cannot be detected. Every second, new botnet source code is detected, and every attack demonstrates the difficulty and resilience involved in detecting bots. Conventional network botnet detection models have used signature-based analysis to overcome major obstacles in detecting hidden botnet patterns such as encryption and polymorphic techniques. This problem is further concentrated in the shift from a centralized structure to a decentralized one such as peer-to-peer (P2P) networks. Behaviour analysis appears suitable for solving these problems because it does not depend on analysing the network traffic payload. In addition, to anticipate new botnets, a detection model must be developed. This study focuses on using flow-based behaviour analysis to detect new botnets, which are difficult to detect with existing botnet signature patterns that constantly change and use concealment strategies. This study also recommends the use of Independent Component Analysis (ICA) and standardized data pre-processing to improve data quality before classification. The percentage of significant features was compared with and without ICA. The experimental findings show that with ICA the results are far better. The highest F-score was 83% for the Neris bot. The average F-score for new botnet samples was 74%. Through the feature importance test, feature importance increased from 22% to 27%, and the training model false positive rate also decreased from 1.8% to 1.7%.
37

Almutairi, Suzan, Saoucene Mahfoudh, Sultan Almutairi, and Jalal S. Alowibdi. "Hybrid Botnet Detection Based on Host and Network Analysis." Journal of Computer Networks and Communications 2020 (January 22, 2020): 1–16. http://dx.doi.org/10.1155/2020/9024726.

Abstract:
A botnet is one of the most dangerous cyber-security issues. The botnet infects unprotected machines and keeps track of the communication with the command and control server to send and receive malicious commands. The attacker uses a botnet to initiate dangerous attacks such as DDoS, phishing, data stealing, and spamming. The size of a botnet is usually very large, and millions of infected hosts may belong to it. In this paper, we addressed the problem of botnet detection based on network flow records and activities in the host. Thus, we propose a general technique capable of detecting new botnets in an early phase. Our technique is implemented on both sides: the host side and the network side. The botnet communication traffic we are interested in includes HTTP, P2P, IRC, and DNS using IP fluxing. The HANABot algorithm is proposed to preprocess and extract features to distinguish the botnet behavior from legitimate behavior. We evaluate our solution using a collection of real datasets (malicious and legitimate). Our experiment shows a high level of accuracy and a low false positive rate. Furthermore, a comparison between some existing approaches is given, focusing on specific features and performance. The proposed technique outperforms some of the presented approaches in terms of accurately detecting botnet flow records within NetFlow traces.
38

Jiang, Ci Bin, and Jung Shian Li. "IP Flow Data Correlation with Inference Rules." Advanced Materials Research 403-408 (November 2011): 1211–13. http://dx.doi.org/10.4028/www.scientific.net/amr.403-408.1211.

Abstract:
In recent years, IP flow identification in botnet detection has attracted attention in network security. IP flows associated with bot masters can be used to trace the botnet source. Most botnets suffer a large number of IP-based attacks. This paper attempts to explore the correlations between attack behaviors and IP flows. By data collection and sets of functions concerning inference rules and conversion of data format, this paper successfully identifies botnet attacks by IP flows and inference patterns. IP flow-based intrusion detection can efficiently find alert data correlations.
39

Hajjouz, Abdulkader, and Elena Avksentieva. "A CatBoost-Based Approach for High-Accuracy Botnet Detection." Technium: Romanian Journal of Applied Sciences and Technology 15 (October 11, 2023): 26–32. http://dx.doi.org/10.47577/technium.v15i.9635.

Abstract:
The rising prevalence of network botnet attacks poses a significant threat to online security. Compromised networks controlled by malicious entities can perpetrate harm, including distributed denial of service attacks and data theft. In this study, we introduce a method to detect these botnets using the CatBoostClassifier. By analyzing network traffic for suspicious patterns, our system efficiently identifies potential botnet activities. Utilizing the CTU-13 dataset, we achieved an impressive 99.8699% accuracy, underscoring the efficacy of our approach. This research offers valuable insights into botnet attack detection and presents a robust solution for enhancing network security.
40

Zhang, Bonan, Jingjin Li, Lindsay Ward, Ying Zhang, Chao Chen, and Jun Zhang. "Deep Graph Embedding for IoT Botnet Traffic Detection." Security and Communication Networks 2023 (October 25, 2023): 1–10. http://dx.doi.org/10.1155/2023/9796912.

Abstract:
Botnet attacks have mainly targeted computers in the past, which is a fundamental cybersecurity problem. Due to the booming of Internet of things (IoT) devices, an increasing number of botnet attacks are now targeting IoT devices. Researchers have proposed several mechanisms to avoid botnet attacks, such as identification by communication patterns or network topology and defence by DNS blacklisting. A popular direction for botnet detection currently relies on the specific topological characteristics of botnets and uses machine learning models. However, it relies on network experts’ domain knowledge for feature engineering. Recently, neural networks have shown the capability of representation learning. This paper proposes a new approach to extracting graph features via graph neural networks. To capture the particular topology of the botnet, we transform the network traffic into graphs and train a graph neural network to extract features. In our evaluations, we use graph embedding features to train six machine learning models and compare them with the performance of traditional graph features in identifying botnet nodes. The experimental results show that botnet traffic detection is still challenging even with neural networks. We should consider the impact of data, features, and algorithms for an accurate and robust solution.
41

Xing, Ying, Hui Shu, Fei Kang, and Hao Zhao. "Peertrap: An Unstructured P2P Botnet Detection Framework Based on SAW Community Discovery." Wireless Communications and Mobile Computing 2022 (February 8, 2022): 1–18. http://dx.doi.org/10.1155/2022/9900396.

Abstract:
Botnets have become one of the serious threats to the Internet ecosystem, and botnet detection is crucial for tracking and mitigating network threats on the Internet. In the evolution of emerging botnets, peer-to-peer (P2P) botnets are more dangerous and resistant because of their distributed characteristics. Among them, unstructured P2P botnets use custom protocols for communication, which can be blended with legitimate P2P traffic. Moreover, their topological structure is more complex, and a complete topology cannot be obtained easily, making them more concealed and difficult to detect. The botnet itself is a kind of overlay network, and research shows that nodes with shared neighbors usually belong to a certain community. Aiming at unstructured P2P botnets and exploiting complex network theory, from the perspective of shared neighbor nodes, this article proposes a botnet detection framework called Peertrap based on self-avoiding random walk (SAW) community detection under the condition of incomplete topological information. Firstly, network traffic is converted into NetFlow by utilizing the Apache Flink big data platform. Also, a P2P traffic cluster feature extraction rule is proposed for distinguishing P2P traffic from non-P2P traffic, formulated using upstream and downstream traffic and address distribution threshold features. Then, the confidence between P2P clusters is calculated by the Jaccard coefficient to construct a shared neighbor graph, and P2P communities of the same type are mined by hierarchical clustering using the SAW algorithm combined with PCA. Finally, two community attributes, mean address distribution degree and mean closeness degree, are used to distinguish botnets. Experiments are conducted on three unstructured P2P botnet datasets, Sality, Kelihos, and ZeroAccess, and on the classic CTU datasets, and good detection results are achieved. The framework overcomes one of the most critical P2P botnet detection challenges: it can detect P2P bots with high accuracy in the presence of legitimate P2P traffic, incomplete network topology information, and C&C channel encryption. Our method embodies a typical application of complex network theory in the botnet detection field, and it can detect botnets from different families in the network, with good parallelism and scalability.
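The shared-neighbor step of the Peertrap pipeline above is worth seeing concretely. The following Python is an added example written for this page, not the authors' code: it builds per-host peer sets from flow records, draws an edge between two hosts when the Jaccard coefficient of their peer sets reaches a threshold, and then groups hosts into communities. The flow records are constructed, the edge threshold of 0.25 is an assumption, and connected components stand in for the paper's SAW community detection with PCA and hierarchical clustering; the per-community mean peer count is likewise only a placeholder for the paper's two community attributes, whose definitions the abstract does not give.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: NetFlow-style records reduced to (source host, peer).
# Hosts 10.0.0.1-3 are meant to be bots of one unstructured P2P botnet that
# overlap heavily in the peers they contact; 10.0.0.9 and 10.0.0.10 stand in
# for legitimate P2P clients with their own, mostly different, peer set.
SAMPLE_FLOWS = [
    ("10.0.0.1", "203.0.113.5"), ("10.0.0.1", "203.0.113.6"), ("10.0.0.1", "203.0.113.7"),
    ("10.0.0.2", "203.0.113.5"), ("10.0.0.2", "203.0.113.6"), ("10.0.0.2", "203.0.113.8"),
    ("10.0.0.3", "203.0.113.5"), ("10.0.0.3", "203.0.113.7"), ("10.0.0.3", "203.0.113.8"),
    ("10.0.0.9", "198.51.100.1"), ("10.0.0.9", "198.51.100.2"),
    ("10.0.0.10", "198.51.100.2"), ("10.0.0.10", "198.51.100.3"), ("10.0.0.10", "203.0.113.5"),
]

# Assumed threshold: an edge is drawn between two hosts whose peer sets overlap
# by at least this Jaccard coefficient. Not a value taken from the paper.
EDGE_THRESHOLD = 0.25


def peer_sets(flows):
    """Map each monitored host to the set of peers it exchanged flows with."""
    peers = defaultdict(set)
    for src, dst in flows:
        peers[src].add(dst)
    return dict(peers)


def jaccard(a, b):
    """Jaccard coefficient |A and B| / |A or B|; 0.0 for two empty sets."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def shared_neighbor_graph(peers, threshold=EDGE_THRESHOLD):
    """Undirected graph: hosts are nodes, an edge means 'enough shared peers'."""
    graph = {host: set() for host in peers}
    for a, b in combinations(sorted(peers), 2):
        if jaccard(peers[a], peers[b]) >= threshold:
            graph[a].add(b)
            graph[b].add(a)
    return graph


def communities(graph):
    """Connected components of the shared-neighbor graph (stand-in for SAW)."""
    seen, found = set(), []
    for start in sorted(graph):
        if start in seen:
            continue
        component, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node in component:
                continue
            component.add(node)
            stack.extend(graph[node] - component)
        seen |= component
        found.append(frozenset(component))
    return found


def community_report(flows, threshold=EDGE_THRESHOLD):
    """Communities with the mean number of distinct peers per member."""
    peers = peer_sets(flows)
    report = []
    for comm in communities(shared_neighbor_graph(peers, threshold)):
        mean_peers = sum(len(peers[h]) for h in comm) / len(comm)
        report.append((tuple(sorted(comm)), mean_peers))
    return report


if __name__ == "__main__":
    for members, mean_peers in community_report(SAMPLE_FLOWS):
        print(members, f"mean distinct peers per host: {mean_peers:.2f}")
```

On the constructed flows the three bots share two of three peers pairwise (Jaccard 0.5) and land in one community, while the two legitimate clients overlap only with each other (0.25) and with the bots at 0.2, so they form a second community and no bot edge crosses over. The point of the threshold is exactly this separation: too low and legitimate P2P clients that touch one popular peer get pulled into the bot community; too high and bots whose incomplete peer lists overlap only partially are split apart.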
42

Sun, Lei, Wei Du, and Na Che. "Data Center Protection Problems in the Zombie Network." Applied Mechanics and Materials 727-728 (January 2015): 948–50. http://dx.doi.org/10.4028/www.scientific.net/amm.727-728.948.

Abstract:
With the development of botnets, new botnets that use the peer-to-peer (P2P) protocol (such as the one used for eMule downloads) have appeared, which has brought great challenges to detecting and preventing botnets in the data center. The point-to-point protocol uses a more decentralized control method, so information can be shared between nodes, and each node has the function of connecting and recovering, which makes this class of botnet hard to shut down. In protecting against botnets, the data center has also found that more and more botnets use high-strength encryption technology after being implanted into hosts, which makes the application-layer information of the whole communication process invisible to the data center's zombie-network protection system, resulting in many missed events in recognition and affecting the effect of safety management. Specifically, the point-to-point protocol and the encryption-based communication method lead to a situation that the data center's botnet protection system finds difficult to deal with effectively.
43

Feng, Xing Xing, Yan Peng, and Yi Long Zhao. "The Analysis of a Botnet Based on HTTP Protocol." Advanced Materials Research 179-180 (January 2011): 575–79. http://dx.doi.org/10.4028/www.scientific.net/amr.179-180.575.

Abstract:
A botnet is a kind of computer cluster which hackers control through one-to-many command channels for malicious purposes. Using a botnet, a hacker can easily conduct denial-of-service attacks, send massive spam, and steal confidential personal information. A botnet's control channel, initially based on the IRC protocol, has evolved into a more complicated channel based on HTTP. This paper introduces the control mechanism of HTTP-based botnets. In addition, this paper also analyzes a kind of botnet based on the HTTP protocol: Zeus. By setting up an experimental environment, configuring the Zeus tool and analyzing network traffic, we are able to understand the working mechanism of Zeus and the working principle of HTTP-based botnets.
44

Safar, Noor Zuraidin Mohd, Noryusliza Abdullah, Hazalila Kamaludin, Suhaimi Abd Ishak, and Mohd Rizal Mohd Isa. "Characterising and detection of botnet in P2P network for UDP protocol." Indonesian Journal of Electrical Engineering and Computer Science 18, no. 3 (June 1, 2020): 1584. http://dx.doi.org/10.11591/ijeecs.v18.i3.pp1584-1595.

Abstract:
Developments in computer networking have raised concerns about the threat that botnets pose to Internet security. A botnet is a set of inter-connected computers or nodes that are infected with malicious software and controlled as a group without the permission of the computers' owners. This paper explores how network traffic characterisation can be used to identify botnets in local networks. To analyse the characteristics, behaviour or patterns of a botnet in network traffic, proper network analysis tools are needed. Several network analysis tools available today are used in the analysis of the network traffic. In the analysis phase, botnet detection strategies based on signatures and on DNS anomalies are selected to identify the behaviour and characteristics of the botnet. In the anomaly approach, most of the behavioural and characteristic identification of the botnet is done by comparing normal and anomalous traffic. The main focus of the network analysis is on UDP network traffic. Based on the analysis of the network traffic, the following anomalies are identified: anomalous DNS packet requests, the NetBIOS attack, anomalous DNS MX queries, DNS amplification attacks and UDP flood attacks. This study identifies significant botnet characteristics in local UDP network traffic as an additional approach for botnet detection mechanisms.
45

Haq, Mohd Anul. "DBoTPM: A Deep Neural Network-Based Botnet Prediction Model." Electronics 12, no. 5 (February 27, 2023): 1159. http://dx.doi.org/10.3390/electronics12051159.

Abstract:
Internet of things (IoT) devices' evolution and growth have boosted system efficiency, reduced human labour, and improved operational efficiency; however, IoT devices pose substantial security and privacy risks, making them highly vulnerable to botnet attacks. Botnet attacks are capable of degrading the performance of an IoT system in a way that makes it difficult for IoT network users to identify them. Earlier studies mainly focused on the detection of IoT botnets, and there was a gap in predicting botnet attacks due to their complex behaviour, repetitive nature, uncertainty, and almost invisible presence in the compromised system. Given these gaps, there is a strong need to develop efficient and stable AI models that can reliably predict botnet attacks. The current study developed and implemented DBoTPM, a novel deep-neural-network-based model for botnet prediction. DBoTPM was optimized for performance and lower computational overhead by utilizing rigorous hyperparameter tuning. The consequences of overfitting and underfitting were mitigated through dropout. The evaluation of DBoTPM demonstrated that it is one of the most accurate and efficient models for botnet prediction. This investigation is unique in that it makes use of two real datasets to detect and predict botnet attacks with efficient performance and faster response. The results achieved through the DBoTPM model were assessed against prior research and found to be highly effective at predicting botnet attacks on a real dataset.
46

Xing, Ying, Hui Shu, Hao Zhao, Dannong Li, and Li Guo. "Survey on Botnet Detection Techniques: Classification, Methods, and Evaluation." Mathematical Problems in Engineering 2021 (April 14, 2021): 1–24. http://dx.doi.org/10.1155/2021/6640499.

Abstract:
With the continuous evolution of the Internet, as well as the development of the Internet of Things, smart terminals, cloud platforms, and social platforms, botnets are showing the characteristics of platform diversification, communication concealment, and control intelligence. This survey analyzes and compares the most important efforts in the botnet detection area in recent years. It studies the mechanism characteristics of botnet architecture, life cycle, and command and control channel and provides a classification of botnet detection techniques. It focuses on the application of advanced technologies such as deep learning, complex networks, swarm intelligence, moving target defense (MTD), and software-defined networking (SDN) to botnet detection. From the four dimensions of service, intelligence, collaboration, and assistance, a common bot detection evaluation system (CBDES) is proposed, which defines a new global capability measurement standard. Combining expert scores and objective weights, this survey proposes a quantitative evaluation and gives a visual representation for typical detection methods. Finally, the challenges and future trends in the field of botnet detection are summarized.
47

Kun, Huang, and Wu Jun. "A botnet detection method based on FARIMA and hill-climbing algorithm." International Journal of Modern Physics B 32, no. 32 (December 30, 2018): 1850356. http://dx.doi.org/10.1142/s0217979218503563.

Abstract:
In order to solve the problems of detection efficiency and detection speed in botnet detection, a novel botnet detection method is proposed based on the hill-climbing algorithm and FARIMA. At first, the evaluation indexes are presented in this method, and botnets and infected hosts are quickly searched for with the hill-climbing algorithm. Then, the FARIMA model is introduced to cut down the long-range correlation of the detection index. Finally, a simulation was conducted in MATLAB to research the key factors. The result shows that, compared to other algorithms, it has good adaptability, and it could effectively search for infected hosts and botnets.
48

Padhiar, Sneha, and Ritesh Patel. "Performance evaluation of botnet detection using machine learning techniques." International Journal of Electrical and Computer Engineering (IJECE) 13, no. 6 (December 1, 2023): 6827. http://dx.doi.org/10.11591/ijece.v13i6.pp6827-6835.

Abstract:
Cybersecurity is seriously threatened by botnets, which are controlled networks of compromised computers. The evolving techniques used by botnet operators make it difficult for traditional methods of botnet identification to keep up. Machine learning has become increasingly effective in recent years as a means of identifying and reducing these hazards. The CTU-13 dataset, a frequently used dataset in the field of cybersecurity, is used in this study to offer a machine learning-based method for botnet detection. The suggested methodology makes use of CTU-13, which is made up of actual network traffic data that was recorded in a network environment that had been attacked by a botnet. The dataset is used to train a variety of machine learning algorithms to categorize network traffic as botnet-related or benign, including a decision tree, a regression model, naïve Bayes, and a neural network model. We employ a number of criteria, such as accuracy, precision, and sensitivity, to measure how well each model performs in categorizing both known and unidentified botnet traffic patterns. Results from experiments show how accurately the machine learning-based approach detects botnets. Its potential for use in the real world is demonstrated by the suggested system's high detection rates and low false positive rates.
49

Karim, Ahmad, Victor Chang, and Ahmad Firdaus. "Android Botnets." Journal of Organizational and End User Computing 32, no. 3 (July 2020): 50–67. http://dx.doi.org/10.4018/joeuc.2020070105.

Abstract:
Mobile botnets are gaining popularity with the expressive demand for smartphone technologies. Similarly, the majority of mobile botnets are built on a popular open source OS, e.g., Android. A mobile botnet is a network of interconnected smartphone devices intended to expand malicious activities, for example spam generation, remote access, information theft, etc., on a wide scale. To avoid this growing hazard, various approaches have been proposed to detect, highlight and mark mobile malware applications using either static or dynamic analysis. However, few approaches in the literature discuss mobile botnets in particular. In this article, the authors have proposed a hybrid analysis framework combining static and dynamic analysis as a proof of concept, to highlight and confirm botnet phenomena in Android-based mobile applications. The validation results affirm that machine learning approaches can classify with the hybrid analysis model at a higher accuracy rate (98%) than with static or dynamic analysis individually.
50

Atti, Mangadevi, and Manas Kumar Yogi. "Application of Distributed Graphs for Facilitation of Scalable Botnet Detection and Response." Journal of Security in Computer Networks and Distributed Systems 1, no. 1 (March 18, 2024): 9–18. http://dx.doi.org/10.46610/joscnds.2024.v01i01.002.

Abstract:
Botnets pose a significant threat to modern network environments, exploiting compromised devices to carry out malicious activities such as distributed denial-of-service attacks, spam campaigns, and data theft. Traditional centralized detection systems often struggle to handle the scale and complexity of botnet attacks, leading to delays in detection and response. In response to these challenges, this paper explores the application of distributed graphs for facilitating scalable botnet detection and response. Distributed graphs offer a promising approach for modelling and analyzing complex network structures, enabling efficient detection of botnet propagation patterns and anomalous behaviour across distributed computing environments. The paper presents an overview of distributed graph-based botnet detection systems, discussing their architecture, design considerations, and key concepts such as graph partitioning, vertex-centric computation, and message passing in distributed graph algorithms. Case studies illustrate the practical application of distributed graph-based botnet detection in diverse network environments, highlighting success stories, challenges encountered, and lessons learned from deploying distributed graph systems in production cybersecurity operations. Finally, the paper discusses challenges and open research questions in the field of distributed graph-based botnet detection, addressing issues such as graph partitioning strategies, fault tolerance, privacy-preserving techniques, and integration with other security tools. It proposes potential avenues for future research and development in scalable botnet detection using distributed graphs, emphasizing the importance of adaptive threat response, collaboration with industry partners, and continuous improvement in detection algorithms for enhancing cybersecurity resilience against botnet attacks.