Identifying Botnets: Classification and Detection
Rishikesh Sharma1, Abha Thakral2
1Rishikesh Sharma, Department of CSE, Amity University Noida (Uttar Pradesh), India.
2Abha Thakral, Department of CSE, Amity University, Noida (Uttar Pradesh), India.
Manuscript received on 09 August 2019 | Revised Manuscript received on 17 August 2019 | Manuscript Published on 26 August 2019 | PP: 131-137 | Volume-8 Issue-9S August 2019 | Retrieval Number: I10210789S19/19©BEIESP DOI: 10.35940/ijitee.I1021.0789S19
Open Access | Editorial and Publishing Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open-access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: The past few years have witnessed the threats caused by the evolving of botnets. It has been found that the nefarious network consisting of contagious systems called as bots are operated by the botmaster. These botnets have been used for malicious activities. This prevailing threat on the internet has led to spam, Distributed Denial of Service (DDoS) attacks, phishing emails, and other cyber-attacks. The detection of such networks is very important keeping the protocols and features they work upon. The paper talks about the various detection techniques that can be adapted to evade the attacks of bots. The huge amount of traffic created by bots can be studied and distinguished respectively to understand the protocols used by the botmaster; which are further used to detect botnets based on the signature and anomaly patterns. The attacks being done from different locations have made it difficult for a botnet to be caught. It has been mentioned that a few networks provide the bots with a nickname using which the detection can be done. The method has been described thoroughly by also specifying how the bot-names of the same network are similar. Nowadays, the number of botnets has increased with a fewer number of trained bots. These network work upon the protocols like Command and Control (C&C), Internet Relay Chat (IRC), HyperText Transfer Protocol (HTTP) and Peer to Peer(P2P). The detection of such networks is being done classifying the traffic and analyzing the spam e-mails alongside the respected IP address. Even the traps of honeynet are developed which motivate the botmaster to take action and get caught. Such honeynet techniques along with the required steps and the necessary precautions are also mentioned in the paper.
Keywords: Botnet, Honeynet, IP Address, Network Traffic Classification, Phishing Emails.
Scope of the Article: Network Traffic Characterization and Measurements