CFP last date
20 January 2025
Reseach Article

Hybrid Botnet Detection Mechanism

by Katha Chanda
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 91 - Number 5
Year of Publication: 2014
Authors: Katha Chanda
10.5120/15876-4823

Katha Chanda . Hybrid Botnet Detection Mechanism. International Journal of Computer Applications. 91, 5 ( April 2014), 12-16. DOI=10.5120/15876-4823

@article{ 10.5120/15876-4823,
author = { Katha Chanda },
title = { Hybrid Botnet Detection Mechanism },
journal = { International Journal of Computer Applications },
issue_date = { April 2014 },
volume = { 91 },
number = { 5 },
month = { April },
year = { 2014 },
issn = { 0975-8887 },
pages = { 12-16 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume91/number5/15876-4823/ },
doi = { 10.5120/15876-4823 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:11:58.095727+05:30
%A Katha Chanda
%T Hybrid Botnet Detection Mechanism
%J International Journal of Computer Applications
%@ 0975-8887
%V 91
%N 5
%P 12-16
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Botnets have emerged as one of the biggest threats to internet security in the recent years. They have confounded security researchers because of their mobile and secretive behavior. A Botnet is a network of zombie machines remotely controlled by a command server or a Botmaster. These compromised host machines may be used for sending spam, launching DOS attacks, spying or stealing information. As botnets have evolved, so has the detection techniques changed. A number of different techniques have been suggested yet no technique is completely foolproof. While some are based on detecting anomalies, others focus on DNS queries [Choi et al. , 2007] or DNSBL [Ramachandran et al. , 2006] queries etc. This paper analyzes layouts of different detection techniques. The paper tries to find features that, when combined together, complement each other's strengths and eliminate the weaknesses and suggests a framework consisting of a combination of those features which, theoretically, should overcome most of the common problems faced by detection techniques.

References
  1. N. Feamster, A. Ramachandran and D. Dagon, "Revealing botnet membership using dnsbl counter-intelligence," in The 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI '06), 2006.
  2. W. Li, S. Xie, J. Luo, Xiaodong Zhu,A Detection Method for Botnet based on Behavior Features, Proceedings of the 2nd International Conference On Systems Engineering and Modeling (ICSEM-2013), 2013
  3. Hossein Rouhani Zeidanloo,Azizah Bt Abdul Manaf, "Botnet Detection by Monitoring Similar Communication Patterns",(IJCSIS) International Journal of Computer Science and Information Security,Vol. 7, No. 3, March 2010,pp. 36- 45.
  4. H. Choi, H. Lee, and H. Kim. Botnet detection by monitoring group activities in dns traffic. In proceedings of the 7th IEEE International Conference on Computer and Information Technology(CIT'07), Washington, DC, October 2007.
  5. Robiah Y, Siti Rahayu S. , Mohd Zaki M. , Shahrin S. , Faizal M. A. , Marliza R. ;A New Generic Taxonomy on Hybrid Malware Detection Technique. (IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009
  6. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. BotHunter: Detecting malware infection through ids-driven dialog correlation. In Proceedings of the 16th USENIX Security Symposium (Security'07), 2007.
  7. G. Gu, R. Perdisci, J. Zhang, and W. Lee, "Botminer: Clustering analysis of network traffic for protocol- and structure independent Botnet detection," in Proc. 17th USENIX Security Symposium, 2008.
  8. T. Karagiannis, K. Papagiannaki, and M. Faloutsos, "BLINC:multilevel traffic classification in the dark," In Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 229-240, Philadelphia, Pennsylvania, 2005
Index Terms

Computer Science
Information Sciences

Keywords

Signature based detection Anomaly based detection Hybrid Method Protocol Independence.