Issues of Bot Network Detection and Protection

  • Surjya Prasad MajhiEmail author
  • Santosh Kumar Swain
  • Prasant Kumar Pattnaik
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1040)


The paper studies the various aspects of botnet detection. It focuses on the different methods available for detection of the bot, C&C and botherder. There is also the elaboration of different botnet protection methods that can be utilized by systems users to protect their systems before bot infection and also after bot infection.


Bots Botnet Bot network Botherder C&C channel Botnet detection Bot infection System-level Network-level 


  1. 1.
    Gu G., Perdisci R., Zhang J., and Lee W.: Botminer: clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: Usenix Security Symposium, vol. 5, No. 2, pp. 139–154 (2008)Google Scholar
  2. 2.
    Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Bothunter: detecting malware infection through ids-driven dialog correlation. In: Usenix Security Symposium, vol. 7, pp. 1–16 (2007)Google Scholar
  3. 3.
    Zhuang, L., Dunagan, J., et al.: Characterizing botnets from email spam records. In: USENIX Workshop on Large-Scale Exploits and Emergent Threats, vol. 8, pp. 1–9 (2008)Google Scholar
  4. 4.
    Rajab, M.A., Zarfoss, J., Monrose, F., Terzis, A.: A multifaceted approach to understanding the botnet phenomenon. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, pp. 41–52 (2006)Google Scholar
  5. 5.
    Villamarín-Salomón, R., Villamarín-Salomón, J.: Identifying botnets using anomaly detection techniques applied to DNS traffic. In: Proceedings of the 5th IEEE Consumer Communications and Networking Conference, pp. 476–481 (2008)Google Scholar
  6. 6.
    Choi, H., Lee, H., Kim, H.: Botnet detection by monitoring group activities in DNS traffic. In: Proceedings of the 7th IEEE International Conference on Computer and Information Technology, pp. 715–720 (2007)Google Scholar
  7. 7.
    Goebel, J., Holz, T.: Rishi: identify bot contaminated hosts by IRC nickname evaluation. In: Usenix Workshop on Hot Topics in Understanding Botnets, vol. 7, p. 8 (2007)Google Scholar
  8. 8.
    Strayer, W.T., et al.: Botnet detection based on network behavior. In: Botnet Detection, vol. 36, pp. 1–24. Springer, US (2008)Google Scholar
  9. 9.
    Holz, T., Gorecki, C., Rieck, K., Freiling, F.: Detection and mitigation of fast-flux service networks. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (2008)Google Scholar
  10. 10.
    Gu, G., Yegneswaran, V., Porras, P., Stoll, J., Lee, W.: Active botnet probing to identify obscure command and control channels. In: Computer Security Applications Conference IEEE, pp. 241–253 (2009)Google Scholar
  11. 11.
    Snort IDS web page., March (2006)
  12. 12.
    Rossow,C., Dietrich C.J.: Provex: detecting botnets with encrypted command and control channels. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 21–40. Springer (2013)Google Scholar
  13. 13.
    Perdisci, R., Lee, W., Feamster, N.: Behavioral clustering of HTTP-based malware and signature generation using malicious network traces. In: Usenix Symposium on Networked Systems Design & Implementation, pp. 391–404 (2010)Google Scholar
  14. 14.
    Wurzinger, P., et al.: Automatically generating models for botnet detection. In: European Symposium on Research in Computer Security, pp. 232–249. Springer (2009)Google Scholar
  15. 15.
    Rehak, M., Pechoucek, M., et al.: Adaptive multiagent system for network traffic monitoring. IEEE Intell. Syst. 3(24), 16–25 (2009)CrossRefGoogle Scholar
  16. 16.
    Caglayan, A., Toothaker, M., et al.: Behavioral analysis of botnets for threat intelligence. Inf. Syst. E-Bus. Manag. 10(4), 491–519 (2012). (Springer)CrossRefGoogle Scholar
  17. 17.
    Ramsbrock, D., Wang, X., Jiang, X.: A first step towards live botmaster traceback. In: Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection, pp. 59–77. Springer (2008)Google Scholar
  18. 18.
    FireEye: Next generation threat protection. FireEye Inc. (2011)Google Scholar
  19. 19.
    Damballa,: Damballa::homepage (2011)Google Scholar
  20. 20.
    Grizzard, J.B., Johns, T.: Peer-to-peer botnets: overview and case study. In: Usenix Workshop on Hot Topics in Understanding Botnets (2007)Google Scholar
  21. 21.
    Holz, T., Steiner, M., Dahl, F., Biersack, E., Freilling, F.: Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm. In: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, vol. 8, pp. 1–9 (2008)Google Scholar
  22. 22.
    Caballero, J., Poosankam, P., Kreibich, C., Song, D.: Dispatcher: enabling active botnet infiltration using automatic protocol reverse engineering. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 621–634 (2009)Google Scholar
  23. 23.
    Liu, L., Chen, S., Yan, G., Zhang, Z.: Bottracer: execution-based bot-like malware detection. In: International Conference on Information Security, pp. 97–113. Springer (2008)Google Scholar
  24. 24.
    Stinson, E., Mitchell, J.C.: Characterizing bots’ remote control behaviour. In: International Conference on Detection of Intrusions & Malware and Vulnerability Assessment, pp. 89–108. Springer (2007)Google Scholar
  25. 25.
    Karasaridis, A., Rexroad, B., Hoeflin, D.: Wide-scale botnet detection and characterization. In: Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, p. 7 (2007)Google Scholar
  26. 26.
    Gu, G., Zhang, J., Lee, W.: Botsniffer: detecting botnet command and control channels in network traffic. In: Network and Distributed System Security Symposium (2008)Google Scholar
  27. 27.
    Holz, T., Engelberth, M., Freiling, F.: Learning more about the underground economy: a case-study of key loggers and dropzones. In: European Symposium on Research in Computer Security, pp. 1–18. Springer (2009)Google Scholar
  28. 28.
    Kanich, C., Kreibich, C., et al.: Spamalytics: an empirical analysis of spam marketing conversion. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 3–14 (2008)Google Scholar
  29. 29.
    Furfie, B.: Laws must change to combat botnets Kaspersky. Feb (2011)Google Scholar
  30. 30.
    Bright, P.: How Operation b107 decapitated the Rustock botnet (2011)Google Scholar
  31. 31.
    A.P.E.C, AEC: Guide on Policy and Technical Approaches against Botnet. Dec (2008)Google Scholar
  32. 32.
    Leyden, J.: Botnet-harbouring survey fails to accounts for sinkholes (2011)Google Scholar
  33. 33.
    Orgill, G.L., Romney, G.W., et al.: The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems. In: Proceedings of the 5th Conference on Information Technology Education, pp. 177–181. ACM (2004)Google Scholar
  34. 34.
    Mody, N., O’Reirdan, M., Masiello, S., Zebek, J.: Common best practices for mitigating large scale bot infections in residential networks, July (2009)Google Scholar
  35. 35.
    Li, P., Salour, M., Su, X.: A survey of internet worm detection and containment. IEEE Commun. Surv. Tutorials 10(1), 20–35 (2008)CrossRefGoogle Scholar
  36. 36.
    Cho, C.Y., Caballero, J.: Botnet infiltration: finding bugs in botnet command and control (2011)Google Scholar
  37. 37.
    Dinger, J., Hartenstein, H.: Defending the sybil attack in p2p networks: taxonomy, challenges, and a proposal for self-registration. In: First International Conference on Availability, Reliability and Security, p. 8. IEEE (2006)Google Scholar
  38. 38.
    Ford, R., Gordon, S.: Cent, five cent, ten cent, dollar: hitting botnets where it really hurts. In: Proceedings of the 2006 Workshop on New Security Paradigms, p. 310. ACM (2006)Google Scholar
  39. 39.
    IEEE 802.11ah. 2018: Accessed 23 Feb 2018. Retrieved from
  40. 40.
    Lee, A., Atkison, T.: A comparison of fuzzy hashes: evaluation, guidelines, and future suggestions (2017)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Surjya Prasad Majhi
    • 1
    Email author
  • Santosh Kumar Swain
    • 1
  • Prasant Kumar Pattnaik
    • 1
  1. 1.School of Computer EngineeringKIIT Deemed to be UniversityBhubaneswarIndia

Personalised recommendations