Botnet Detection and Mitigation: A Comprehensive Literature Review
© 2024 by IJCTT Journal
Volume-72 Issue-1
Year of Publication : 2024
Authors : Saurav Bhattacharya, Anirudh Khanna, Rajat Dubey
DOI : 10.14445/22312803/IJCTT-V72I1P113
How to Cite?
Saurav Bhattacharya, Anirudh Khanna, Rajat Dubey, "Botnet Detection and Mitigation: A Comprehensive Literature Review," International Journal of Computer Trends and Technology, vol. 72, no. 1, pp. 77-82, 2024. Crossref, https://doi.org/10.14445/22312803/IJCTT-V72I1P113
Abstract
Botnets represent one of the most formidable challenges in cybersecurity: networks of compromised devices under remote control that carry out a range of malicious activities threatening individual, organizational, and national security. This article reviews the evolution of botnets, the methodologies for detecting them, and the strategies employed for their mitigation. It traces botnets from their inception as simple networks of infected devices to their current status as sophisticated, adaptive structures capable of significant disruption. Detection methodologies have evolved from basic signature-based techniques to advanced methods incorporating anomaly detection, behavioral analysis, and machine learning, yet they continue to grapple with the increasing sophistication of botnet tactics. Mitigation strategies, encompassing preventive measures, responsive actions, and legal and cooperative efforts, are assessed for their effectiveness and the challenges they face. The article also presents case studies of notable botnet attacks, providing real-world insight into the complexities of combating these threats. Finally, it explores future directions, highlighting likely advances in botnet technology and the continuing need for innovative research, proactive strategies, and international collaboration. This review aims to inform researchers, practitioners, and policymakers as they navigate the evolving landscape of botnet threats and defenses.
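The abstract contrasts signature-based detection with anomaly and behavioral methods. The following is an added illustration, not code from the paper or its authors: it runs a blocklist match (signature-based) and a beaconing-periodicity check (behavioral) over a small set of constructed flow records. The IP addresses are from RFC 5737 documentation ranges, the "known C2" list, the flow format, and the thresholds (six flows minimum, coefficient of variation at most 0.15) are assumptions chosen for the example.

```python
"""Signature-based vs. behavioral (beaconing) detection over constructed flow logs."""
from __future__ import annotations

import statistics
from collections import defaultdict
from dataclasses import dataclass

# Assumed indicator list for the signature check (constructed; not real indicators).
KNOWN_C2 = {"198.51.100.7"}

# Constructed flow records: "ts src dst dport bytes", ts in seconds since capture start.
# 10.0.0.5  -> listed C2 host, exactly every 60 s          (caught by both methods)
# 10.0.0.9  -> unlisted host, every ~300 s with jitter     (caught by beacon check only)
# 10.0.0.12 -> ordinary browsing at irregular intervals    (flagged by neither)
SAMPLE_FLOWS = """
5    10.0.0.5  198.51.100.7  443 512
65   10.0.0.5  198.51.100.7  443 498
125  10.0.0.5  198.51.100.7  443 503
185  10.0.0.5  198.51.100.7  443 511
245  10.0.0.5  198.51.100.7  443 497
305  10.0.0.5  198.51.100.7  443 505
0    10.0.0.9  203.0.113.44  443 1200
302  10.0.0.9  203.0.113.44  443 1180
598  10.0.0.9  203.0.113.44  443 1210
901  10.0.0.9  203.0.113.44  443 1195
1199 10.0.0.9  203.0.113.44  443 1205
1503 10.0.0.9  203.0.113.44  443 1190
10   10.0.0.12 93.184.216.34 443 8200
15   10.0.0.12 93.184.216.34 443 3100
120  10.0.0.12 93.184.216.34 443 940
130  10.0.0.12 93.184.216.34 443 15000
700  10.0.0.12 93.184.216.34 443 2200
1400 10.0.0.12 93.184.216.34 443 610
"""


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    nbytes: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed 'ts src dst dport bytes' format, skipping blanks and comments."""
    flows = []
    for line in text.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append(Flow(int(ts), src, dst, int(dport), int(nbytes)))
    return flows


def signature_detect(flows: list[Flow], blocklist: set[str] = KNOWN_C2) -> set[str]:
    """Signature-based: flag every internal host that contacts a listed C2 address.
    Cheap and precise, but blind to any C2 host not already on the list."""
    return {f.src for f in flows if f.dst in blocklist}


def beacon_detect(flows: list[Flow], min_flows: int = 6,
                  max_cv: float = 0.15) -> dict[tuple[str, str], float]:
    """Behavioral: flag (src, dst) pairs whose inter-arrival times are near-constant.
    Returns pair -> coefficient of variation (stdev / mean) of the gaps between flows.
    Needs no prior indicator, but bots that randomize their sleep interval heavily
    push the coefficient above the threshold and evade this check."""
    by_pair: dict[tuple[str, str], list[int]] = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f.ts)
    hits: dict[tuple[str, str], float] = {}
    for pair, times in by_pair.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.fmean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits[pair] = cv
    return hits


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("signature hits:", sorted(signature_detect(flows)))
    for (src, dst), cv in sorted(beacon_detect(flows).items()):
        print(f"beacon {src} -> {dst}  cv={cv:.4f}")
```

On the constructed input, the signature check reports only 10.0.0.5, while the beacon check reports both 10.0.0.5 and 10.0.0.9 and leaves the irregular browsing host alone. The jittered 10.0.0.9 beacon still has a coefficient of variation near 0.01, well under the threshold; a bot that, for instance, sleeps anywhere between one and ten minutes would not be, which is the kind of evasion the abstract alludes to and the reason behavioral detectors are usually combined with other signals rather than used alone.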
Keywords
Botnets, Cybersecurity Challenges, Detection Methodologies, Mitigation Strategies, Evolution of Botnets, Machine Learning in Cybersecurity, International Collaboration in Cyber Defense.