Conference: Annual midwest instruction and computing symposium

SECURITY THREATS/ATTACKS VIA BOTNETS AND BOTNET DETECTION PREVENTION TECHNIQUES IN COMPUTER NETWORKS: A REVIEW


Abstract

Today botnets have become one of the biggest risks in the network and security world, serving as infrastructure for nearly every type of cyber-attack because they provide a distributed platform for illegal activities such as launching distributed denial-of-service (DDoS) attacks. Recently, botnet detection has been a very interesting research topic in cyber security. Botnets are mainly responsible for large-scale coordinated attacks. Infected computers, also known as 'agents' or 'zombies', perform all kinds of tasks for the bot-master, such as phishing campaigns, sending spam, delivering malware, or leasing or selling the botnet to other hackers or fraudsters. Further, botnets remain a large-scale problem that affects the entire Internet and cyber-security community and requires a significant level of co-operation among operators and providers. Unlike other types of malware, botnets are well organized and controlled by skilled bot-masters. They employ various strategies to keep their bots safe and hidden if possible. Therefore, botnet detection is a big challenge in network security management. There are several methods and techniques for detecting and tracking botnet activities. Each of these techniques has its advantages and disadvantages. In addition, these techniques are designed based on the specifications of computers and computer networks and might not be fully applicable to new generations of botnets. As botnets change their C&C communication architecture, these methods will be ineffective. Hence, developing techniques based on data mining and DNS traffic for botnet C&C traffic detection has been the most promising approach to combating the botnet threat against online ecosystems and computer assets. This paper gives an overview of the current state of bots and botnets, how networks are threatened or attacked by botnets, and the techniques for detecting and preventing them.