How Botnet And Its Detection Techniques Can Be Classified Into Four Categories

1. Abstract:
Botnets are one of the most severe threats to cyberspace in the modern cyber world. Among the different forms of malware, botnets provide a base for many cybercrimes, such as distributed denial of service and many others. This paper mainly focuses on a survey of botnets and their detection, some botnet characteristics, the prevention of IRC-based botnets, and the simple measures to be taken to avoid the effects of a botnet. In this survey, botnet detection techniques are classified into four categories: signature-based, anomaly-based, DNS-based, and mining-based. We also discuss an overview of botnet characteristics.

2. Introduction:
A botnet, otherwise known as a “zombie army,” is a group of systems that are taken
used [1]. Next, we discuss botnet detection techniques and some botnet characteristics [2], and also give an overview of some measures that help to prevent attacks by bots.

3. Detection techniques

3.1 Anomaly-Based Detection
Anomaly-based techniques attempt to detect computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous [1]. Anomaly-based detection techniques help to solve the issue of detecting unknown bots, based on anomalies such as high network latency, traffic on unusual ports, high volumes of traffic, and unusual system behaviour [1]. Nevertheless, this technique meets the problem of detecting unknown botnets [1,2]. Anomaly-based detection techniques are classified into two categories: host-based and network-based techniques [2].

BotSwat, proposed by Stinson and Mitchell, is a host-based taint-tracking system that discovers programs which make use of received network data, in order to identify potential remote-control behaviour. The limitation of the host-based approach is its high false positive rate [2]. The network-based technique tries to detect botnets by monitoring network traffic. BotProbe uses active monitoring techniques, which can actively participate in a network session and, if required, inject test packets to the client that is under monitoring. This technique shows promise on the real-world IRC based
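To make the anomaly classes named above concrete (traffic on unusual ports, high volumes of traffic, high network latency), the following is an added example written for this page; it is not code from the surveyed paper, nor from BotSwat or BotProbe. It follows the network-based approach: a baseline of "normal" activity is learned from one window of flow records, and flows in a later window are classified as normal or anomalous against it. All hosts, addresses, flow records and the z-score threshold `k` are constructed assumptions of this example, not values from the page.

```python
"""Toy anomaly-based botnet detection over constructed flow records.

Added example, not from the surveyed paper. A baseline of normal activity
(ports seen, mean/stddev of bytes sent and of latency) is learned from one
window of flows; later flows are labelled anomalous when they use a port
never seen in the baseline or exceed a z-score threshold on volume or latency.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str        # internal host being monitored
    dst: str        # remote endpoint
    dst_port: int
    bytes_out: int
    rtt_ms: float   # observed round-trip latency for the session


# Constructed learning window: ordinary web, DNS and mail traffic from two hosts.
BASELINE_FLOWS = [
    Flow("10.0.0.5", "93.184.216.34", 443, 4200, 35.0),
    Flow("10.0.0.5", "93.184.216.34", 80, 3100, 32.0),
    Flow("10.0.0.5", "10.0.0.1", 53, 120, 2.0),
    Flow("10.0.0.7", "93.184.216.34", 443, 5100, 40.0),
    Flow("10.0.0.7", "10.0.0.1", 53, 140, 2.5),
    Flow("10.0.0.7", "198.51.100.20", 25, 2600, 45.0),
    Flow("10.0.0.5", "198.51.100.20", 443, 3900, 38.0),
    Flow("10.0.0.7", "93.184.216.34", 80, 2900, 36.0),
]

# Constructed detection window: one host starts to show bot-like anomalies.
OBSERVED_FLOWS = [
    Flow("10.0.0.5", "93.184.216.34", 443, 4000, 34.0),    # normal
    Flow("10.0.0.7", "203.0.113.9", 6667, 800, 310.0),     # unusual port, high latency
    Flow("10.0.0.7", "203.0.113.9", 6667, 900, 295.0),     # same pattern again
    Flow("10.0.0.7", "203.0.113.50", 80, 250000, 41.0),    # traffic volume spike
    Flow("10.0.0.5", "10.0.0.1", 53, 130, 2.1),            # normal
]


@dataclass
class Baseline:
    known_ports: frozenset
    bytes_mean: float
    bytes_std: float
    rtt_mean: float
    rtt_std: float


def build_baseline(flows):
    """Summarise normal activity: destination ports seen plus the
    mean and population standard deviation of bytes_out and rtt_ms."""
    bytes_vals = [f.bytes_out for f in flows]
    rtt_vals = [f.rtt_ms for f in flows]
    return Baseline(
        known_ports=frozenset(f.dst_port for f in flows),
        bytes_mean=mean(bytes_vals), bytes_std=pstdev(bytes_vals),
        rtt_mean=mean(rtt_vals), rtt_std=pstdev(rtt_vals),
    )


def classify_flow(flow, baseline, k=3.0):
    """Return the anomaly labels for one flow; an empty list means normal.
    Volume and latency are judged by a z-score above k standard deviations;
    a destination port absent from the baseline window is labelled unusual."""
    reasons = []
    if flow.dst_port not in baseline.known_ports:
        reasons.append("unusual_port")
    if baseline.bytes_std > 0 and (flow.bytes_out - baseline.bytes_mean) / baseline.bytes_std > k:
        reasons.append("high_volume")
    if baseline.rtt_std > 0 and (flow.rtt_ms - baseline.rtt_mean) / baseline.rtt_std > k:
        reasons.append("high_latency")
    return reasons


def detect(flows, baseline, k=3.0):
    """Aggregate anomaly labels per internal host, as a network-based monitor
    would when deciding which hosts to flag for investigation."""
    findings = defaultdict(set)
    for f in flows:
        for reason in classify_flow(f, baseline, k):
            findings[f.src].add(reason)
    return {host: sorted(reasons) for host, reasons in findings.items()}


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for host, reasons in detect(OBSERVED_FLOWS, base).items():
        print(f"{host}: {', '.join(reasons)}")
```

Run stand-alone, the script flags only 10.0.0.7, with all three labels, while 10.0.0.5 stays unflagged. The threshold `k` and the size of the learning window are the tuning knobs that decide the false positive rate the text mentions: a short or unrepresentative baseline makes legitimate but rare ports and bursts look anomalous.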

