Monitoring the Flow Characteristics of Botnet with a Network Traffic Analysis System

Document Type : Original Article

Abstract

Botnets are one of the most serious yet little-understood dangers on the Internet. A botnet is a network of compromised computers that is controlled through command-and-control channels and used for destructive attacks on a large scale. Botnets are often used for malicious activities such as distributed denial-of-service attacks. Dealing with these kinds of attacks requires studying and examining the structure, properties and behavior of botnet traffic. Therefore, identifying the main characteristics of botnets and monitoring botnet flows will be effective in creating and developing technologies to deal with this potential security risk. In this work, we review botnets, their life cycle, and the topologies and protocols they use, and we document the behaviors and characteristics of botnet traffic by implementing a botnet-infected network and providing a network flow analysis system. Identifying these features will be effective in providing solutions to detect and deal with botnet-based attacks.
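The flow-level monitoring the abstract describes can be illustrated with a small feature extractor of the kind a network flow analysis system runs over captured traffic. The code below is an added example, not the paper's system: it groups constructed packet records into flows keyed by source, destination, port and protocol, computes per-flow features (packet and byte counts, duration, mean inter-arrival time and its coefficient of variation), and applies an assumed heuristic that flags flows of many small, evenly spaced packets for analyst review. The packet records, the thresholds and the heuristic are all assumptions of this example.

```python
"""Added example: minimal flow-feature extraction over a constructed
packet capture. Not the paper's analysis system; the records below are
constructed and the beaconing heuristic is an assumption of this example."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp in seconds
    src: str
    dst: str
    dport: int
    proto: str
    size: int      # bytes on the wire


# Constructed sample capture: host 10.0.0.5 sends a tiny packet to one
# server every 60 s; host 10.0.0.7 produces irregular, larger web traffic.
SAMPLE_PACKETS = [
    Packet(0.0 + 60 * i, "10.0.0.5", "203.0.113.9", 8080, "tcp", 64)
    for i in range(6)
] + [
    Packet(3.0, "10.0.0.7", "198.51.100.20", 443, "tcp", 1400),
    Packet(3.4, "10.0.0.7", "198.51.100.20", 443, "tcp", 900),
    Packet(47.0, "10.0.0.7", "198.51.100.21", 443, "tcp", 5000),
    Packet(120.2, "10.0.0.7", "198.51.100.20", 443, "tcp", 300),
]


def build_flows(packets):
    """Group packets into flows keyed by (src, dst, dport, proto) and
    compute per-flow features. gap_cv is the coefficient of variation of
    inter-arrival times (None when fewer than two gaps exist)."""
    groups = defaultdict(list)
    for p in packets:
        groups[(p.src, p.dst, p.dport, p.proto)].append(p)
    flows = {}
    for key, pkts in groups.items():
        pkts.sort(key=lambda p: p.ts)
        gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
        mean_gap = mean(gaps) if gaps else 0.0
        cv = (pstdev(gaps) / mean_gap) if len(gaps) > 1 and mean_gap > 0 else None
        total_bytes = sum(p.size for p in pkts)
        flows[key] = {
            "packets": len(pkts),
            "bytes": total_bytes,
            "duration": pkts[-1].ts - pkts[0].ts,
            "mean_gap": mean_gap,
            "gap_cv": cv,
            "mean_size": total_bytes / len(pkts),
        }
    return flows


def flag_beaconing(flows, min_packets=5, max_cv=0.1, max_mean_size=256):
    """Assumed heuristic: many small packets at a nearly constant interval
    look like automated check-in traffic and deserve analyst attention.
    Returns the flow keys that match; thresholds are illustrative."""
    flagged = []
    for key, f in flows.items():
        if (f["packets"] >= min_packets
                and f["gap_cv"] is not None
                and f["gap_cv"] <= max_cv
                and f["mean_size"] <= max_mean_size):
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    flows = build_flows(SAMPLE_PACKETS)
    for key, feats in sorted(flows.items()):
        print(key, feats)
    print("flagged for review:", flag_beaconing(flows))
```

On the constructed capture only the evenly spaced 64-byte flow from 10.0.0.5 is flagged; the irregular HTTPS flows from 10.0.0.7 fall below the packet-count threshold and have a high inter-arrival variance. In practice the same features would be computed from exported flow records rather than raw packets, and the thresholds tuned against known-benign baseline traffic.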

Keywords

