A Survey of Botnet and Botnet Detection

  • Maryam Feily, Alireza Shahrestani, Sureswaran Ramadass
  • Published 18 June 2009
  • Computer Science
  • 2009 Third International Conference on Emerging Security Information, Systems and Technologies
Among the various forms of malware, botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Recently, botnet detection has been an interesting research… 

A Wide Scale Survey on Botnet

This paper discusses in detail Botnet and related research, including Botnet evolution, life cycle, command and control models, communication protocols, Botnet detection, Botnet mitigation mechanisms, etc.

Botnet and botnet detection techniques in cyber realm

  • N. Kaur, M. Singh
  • Computer Science
  • 2016 International Conference on Inventive Computation Technologies (ICICT)
  • 2016
This paper discusses Botnet, Botnet history, and life cycle of Botnet apart from classifying various Botnet detection techniques and proposes directions for future research in this area.

Trends and Challenges of Botnet Architectures and Detection Techniques

This paper classifies botnet detection approaches, compares the techniques to show their strengths and weaknesses, and discusses current challenges, including the future trend of botnets.

A Survey of Botnet Architecture and Batnet Detection Techniques

The architecture of botnet, the methodology of detection and techniques are described and it is shown that different solutions are used to block attacks on different levels.

A survey of botnet detection based on DNS

This paper is the first survey to discuss DNS-based botnet detection techniques, in which the problems, existing solutions and future research directions in the field of botnet detection based on DNS traffic analysis are explored and clarified, for effective botnet detection mechanisms in the future.


In this paper, a detailed study of botnets, their topologies, rallying mechanisms and communication protocols used, and detection mechanisms at both the network and host level is presented.


Botnets, their architecture and characteristics, and some specific detection techniques are discussed in detail.

A Study on BOTNET Attacks and Detection Techniques

This paper mainly focuses on the honeypot-based botnet detection technique and discusses different tools such as Snort, Suricata, Ntop, Bothunter, etc.

Efficient Detect Scheme of Botnet Command and Control Communication

This work illustrates the correlation methods within the same botnet’s C&C communications to decrease the false positive rate, and one effective technique for botnet detection is to identify botnet C&C.

A Dynamic Botnet Detection Model based on Behavior Analysis

Experimental results show that the proposed approach detects a larger number of bots with high accuracy, and that P2P-based decentralized botnets are more dangerous than centralized botnets.



Botnet Detection by Monitoring Group Activities in DNS Traffic

This paper proposes a botnet detection mechanism by monitoring DNS traffic to detect botnets, which form a group activity in DNS queries simultaneously sent by distributed bots, which is more robust than the previous approaches.

BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic

This paper proposes an approach that uses network-based anomaly detection to identify botnet C&C channels in a local area network without any prior knowledge of signatures or C&C server addresses, and shows that BotSniffer can detect real-world botnets with high accuracy and has a very low false positive rate.

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection

This paper presents a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses).

Wide-Scale Botnet Detection and Characterization

The approach presented here differs from previous attempts to detect botnets by employing scalable non-intrusive algorithms that analyze vast amounts of summary traffic data collected on selected network links.

Botnet Research Survey

A survey of recent advances in botnet research, which classifies botnet research into three areas: understanding botnets, detecting and tracking botnets, and defending against botnets.

Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks

This paper presents an approach to (distributed) DoS attack prevention that is based on the observation that coordinated automated activity by many hosts needs a mechanism to remotely control them and shows that this method can be realized in the Internet by describing how it infiltrated and tracked IRC-based botnets.

Flow-based identification of botnet traffic by mining multiple log files

A multiple log-file based temporal correlation technique for detecting Command and Control traffic, which assumes that bots respond much faster than humans, is proposed and shows better overall performance when compared to other recently published techniques.

Revealing Botnet Membership Using DNSBL Counter-Intelligence

It is found that bots are performing reconnaissance on behalf of other bots, and counterintelligence techniques that may be useful for early bot detection are suggested.

Botnets as a Vehicle for Online Crimes

Analysis of source code and captured binaries provides insight about how botnets are built, what capabilities botnets possess, and how botnets are operated and defended.

Zombies and botnets

This paper examines the activities and consequences associated with botnets and provides examples of existing incidents so that subscribers can be better informed of the risks.