The Association of Digital Forensics, Security and Law (ADFSL)
Botnets have evolved to become one of the most serious threats to the Internet and there is substantial research on both botnets and botnet detection techniques. This survey reviewed the history of botnets and botnet detection techniques. The survey showed traditional botnet detection techniques rely on passive techniques, primarily honeypots, and that honeypots are not effective at detecting peer-to-peer and other decentralized botnets. Furthermore, the detection techniques aimed at decentralized and peer-to-peer botnets focus on detecting communications between the infected bots. Recent research has shown hierarchical clustering of flow data and machine learning are effective techniques for detecting botnet peer-to-peer traffic.
Alhomoud, A., Awan, I., Disso, J., & Younas, M. (2013). A next-generation approach to combating botnets. Computer, 46(4), 62-66. Retrieved from http://doi.ieeecomputersociety.org/10.1109/MC.2013.67
Brezo, F., Santos, I., Bringas, P., & Val, J. (2011, Aug). Challenges and limitations in current botnet detection. Proceedings of the 22nd International Workshop on Database and Expert Systems Applications, Toulouse, France, 95-101. Retrieved from http://dx.doi.org/10.1109/DEXA.2011.19
Caglayan, A., Toothaker, M., Drapaeau, D., & Burke, D. (2010, January). Behavioral patterns of fast flux service networks. Proceedings of the 2010 43rd Hawaii International Conference on System Sciences (HICSS), Honolulu, HI, 1-9. doi: 10.1109/HICSS.2010.81
Cao, L, & Qiu, X. (2013, July). Defense against botnets: A formal definition and a general framework. Proceedings of the 2013 IEEE Eighth International Conference on Networking, Architecture, and Storage, Xi’an, Shaanxi, China, 237-241. Retrieved from http://doi.ieeecomputersociety.org/10.1109/NAS.2013.37
Cisco. (2014). Snort (Version 220.127.116.11) [Computer Software]. Retrieved from http://www.snort.org/downloads
Cooke, E., Jahanian, F., & McPherson, D. (2005, July). The zombie roundup: Understanding, detecting, and disrupting botnets. Proceedings of the Steps to Reducing Unwanted Traffic on the Internet Workshop 2005, Cambridge, MA. Retrieved from https://www.usenix.org/legacy/events/sruti05/tech/full_papers/cooke/cooke.pdf
Dean, J., & Ghemawat, S. (2004, December). MapReduce: Simplified data processing on large clusters. Proceedings of the 6th Symposium on Operating System Design and Implementation, San Francisco, CA, 137-150. Retrieved from http://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/en/us/archive/mapreduce-osdi04.pdf
Dittrich, D. (2012, April). So you want to take over a botnet. Proceedings of the 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET ’12, San Jose, CA. Retrieved from https://www.usenix.org/system/files/conference/leet12/leet12-final23.pdf
Feily, M., Shahrestani, A., & Ramadass, S. (2009, June). A survey of botnet and botnet detection. Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies, Athens, Glyfada, Greece, 268-273. Retrieved from http://doi.ieeecomputersociety.org/10.1109/SECURWARE.2009.48
Francois, J., Wang, S., Bronzi, W., State, R., & Engel, T. (2011, November). BotCloud: Detecting botnets using Mapreduce. Proceedings of the 2011 IEEE International Workshop on Information Forensics and Security, Iguazu Falls, Parana, Brazil, 1-6. Retrieved from http://dx.doi.org/10.1109/WIFS.2011.6123125
Garant, D., & Lu, Wei. (2013). Mining botnet behaviors on the large-sale web application community. Proceedings of the 2013 27th International Conference on Advanced Information Networking and Applications Workshops, Barcelona, Spain, 185-190. Retrieved from http://doi.ieeecomputersociety.org/10.1109/WAINA.2013.235
Gu, G., Perdisci, R., Zhang, J., & Lee, W. (2008, July). BotMiner: Clustering analysis of network traffic for protocol and structure independent botnet detection. Proceedings of the 17th USENEX Security Symposium, San Jose, CA. Retrieved from https://www.usenix.org/legacy/event/sec08/tech/full_papers/gu/gu.pdf
Gu, G., Porras, P., Yegneswaran, V., Fong, M., & Lee, W. (2007, August). BotHunter: Detecting malware infection through IDS-driven dialog correlation. Proceedings of the 16th USENEX Security Symposium, Boston, MA. Retrieved from https://www.usenix.org/legacy/events/sec07/tech/full_papers/gu/gu.pdf
Gu, G., Yegneswaran, V., Porras, P., Stoll, J., & Lee, W. (2009, December). Active botnet probing to identify obscure command and control channels. Proceedings of the 2009 Annual Computer Security Applications Conference, Honolulu, HI, 241-253. doi: 10.1109/ACSAC.2009.30
Gu, G., Zhang, J., & Lee, W. (2008, February). BotSinffer: Detecting botnet command and control channels in network traffic. Proceedings of the 15th Annual Network and Distributed System Security Symposium, San Diego, CA. Retrieved from http://www.isoc.org/isoc/conferences/ndss/08/papers/17_botsniffer_ detecting_botnet.pdf
Hadoop (2013). The Apache Hadoop project. Retrieved from http://hadoop.apache.org/
Han, F., Chen, Z., Xu, H., & Liang, Y. (2012, June). Garlic: A distributed botnets suppression system. Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 634-639. Retrieved from http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2012.30
Hasan, A., Awadi, R., & Belaton, B. (2013). Multi-phase IRC botnet and botnet behavior detection model. International Journal of Computer Applications, 66(15), 41-51. doi: 10.5120/11164-6289
Householder, A., & Danyliw, R. (2003, March). Increased activity targeting windows shares (CERT advisory CA-2003-08). Retrieved from http://www.cert.org/advisories/CA-2003-08.html
Karasaridis, A., Rexford, B., & Hoeflin, D. (2007, April). Wide-scale botnet detection and characterization. Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA. Retrieved from https://www.usenix.org/legacy/event/hotbots07/tech/full_papers/karasaridis/karasaridis.pdf
Li, W., Xie, S., Luo, J., & Zhu, X. (2013, April). A detection method for botnet based on behavior features. Proceedings of the 2nd International Conference on Systems Engineering and Modeling (ICSEM-13), Beijing, China, 512-517. Retrieved from http://www.atlantis-press.com/php/download_paper.php?id=5594
Rossow, C., & Dietrich, C. (2013, July). PROVEX: Detecting botnets with encrypted command and control channels. Proceedings of the 10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Berlin, Heidelberg, 21-40. Retrieved from http://dx.doi.org/10.1007/978-3-642-39235-1_2
Spitzner, L. (2003). The honeynet project: Trapping the hackers. IEEE Security & Privacy, 1(2), 15-23. doi: 10.1109/MSECP.2003.1193207
Ventre, D. (2013). Cyber Conflict: Competing National Perspectives. Indianapolis, IN: Wiley.
Wang, T., & Yu, S. (2009). Centralized botnet detection by traffic aggregation. Proceedings of the 2009 IEEE International Symposium on Parallel and Distributed Processing with Applications, Chengdu, China, 86-93. Retrieved from http://dx.doi.org/10.1109/ISPA.2009.74
Zargar, S., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (distributed denial of service) flooding attacks. IEEE Communications Surveys and Tutorials, PP(99), 1-24. doi: 10.1109/SURV.2013.031413.00127
Zeng, Y. (2012). On detection of current and next-generation botnets (Doctoral dissertation). University of Michigan. Retrieved from http://deepblue.lib.umich.edu/handle/2027.42/91382
Zeng, Y., Hu, X., & Shin, K. (2010, June). Detection of botnets using combined host and network level information. Proceedings of the 2010 IEEE/IFIP International Conference on Dependable Systems and Networks, Chicago, IL, 291-300. Retrieved from http://doi.ieeecomputersociety.org/10.1109/DSN.2010.5544306
Zhang, J. (2012). Effective and scalable botnet detection in network traffic. (Doctoral Dissertation). Retrieved from ProQuest Dissertations and Theses database. (AAT 1115317916)
Zhang, J., Perdisci, R., Lee, W., Sarfraz, U., & Luo, X. (2011, June). Detecting stealthy P2P botnets using statistical traffic fingerprints. Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, Hong Kong, China, 121-132. Retrieved from http://doi.ieeecomputersociety.org/10.1109/DSN.2011.5958212
Zhuge, J., Holz, T., Han, X., Guo, J., & Zou, W. (2007, December). Characterizing the IRC-Based Botnet Phenomenon. Peking University and University of Mannheim Technical Report. Retrieved from https://ub-mado
Hyslip, Thomas S. and Pittman, Jason M.
"A Survey of Botnet Detection Techniques by Command and Control Infrastructure,"
Journal of Digital Forensics, Security and Law: Vol. 10
, Article 2.
Available at: http://commons.erau.edu/jdfsl/vol10/iss1/2