
Botnet Forensics


Part of the book series: Computer Communications and Networks ((CCN))

Abstract

A botnet is a network of compromised computers controlled by attackers. This chapter discusses botnet forensics in relation to network forensics. To explain the botnet threat, it describes botnet architectures, protocols, and the botnet life cycle. It then presents the standard botnet forensic process and its investigation techniques; botnet forensics consists of acquisition, analysis, and attribution phases. Research challenges related to botnet forensics and its investigation are also discussed.




Copyright information

© 2016 Springer-Verlag London

About this chapter

Cite this chapter

Joshi, R.C., Pilli, E.S. (2016). Botnet Forensics. In: Fundamentals of Network Forensics. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-7299-4_8


  • DOI: https://doi.org/10.1007/978-1-4471-7299-4_8


  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-7297-0

  • Online ISBN: 978-1-4471-7299-4

