ABSTRACT:
Botnets are a prominent example of fast-growing malware used to launch attacks across the Internet. They differ from other categories of malware in their use of Command and Control (C&C) servers: botnets rely on C&C channels to propagate and to launch attacks such as DDoS, spamming, click fraud, drive-by download and many others. Newer botnet variants have been found to exhibit detection-evasive strategies that make it more difficult for detection models to identify them. For instance, newer botnets have migrated from a centralised to a decentralised architecture, and some additionally employ evasion techniques such as communication encryption and IP (or domain) fluxing. This work presents a review of the techniques proposed in the literature for identifying detection-evasive botnets. Its aim is to provide further insight into the evolving adversarial tendencies of botnet malware and into the identification mechanisms that have been proposed in the literature. The categories of detection evasion emphasised are decentralised (peer-to-peer) architecture and DNS fast fluxing. The study concludes that an understanding of identification techniques for detection-evasive botnets can help in achieving improved detection models.
Keywords:
Botnet Detection, DNS Fast Fluxing, Internet Security, Peer-to-Peer botnet
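To make the DNS fast-fluxing evasion named in the abstract concrete from the detector's side, the following is an added illustration (not code from the reviewed paper or any detection model it surveys). It screens a set of DNS resolution records for the classic fast-flux signature that identification work builds on: a name that answers with many distinct addresses, spread across many unrelated networks, with very short TTLs. The record layout, the constructed sample data, the use of /24 prefixes as a stand-in for "different network", and the three thresholds are all assumptions made for this example.

```python
"""Heuristic screening for DNS fast-flux behaviour over resolution records.

Added illustrative example; it is not code from the reviewed paper. The
record layout, the sample data and the three thresholds below are assumed
for the demonstration, not taken from any published detection model.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Resolution:
    """One observed A-record answer: query time (s), name, address, TTL (s)."""
    ts: int
    domain: str
    ip: str
    ttl: int


# Constructed sample (private 10.0.0.0/8 and documentation ranges used as
# stand-ins). flux.example answers with a different host on a different /24
# every minute with a 60 s TTL; cdn.example rotates a few hosts within one
# /24 (ordinary load balancing, not flux); static.example never changes.
SAMPLE = [
    Resolution(0, "flux.example", "10.1.1.5", 60),
    Resolution(60, "flux.example", "10.2.2.9", 60),
    Resolution(120, "flux.example", "10.3.3.14", 60),
    Resolution(180, "flux.example", "10.4.4.20", 60),
    Resolution(240, "flux.example", "10.5.5.33", 60),
    Resolution(300, "flux.example", "10.6.6.41", 60),
    Resolution(0, "cdn.example", "203.0.113.10", 60),
    Resolution(60, "cdn.example", "203.0.113.11", 60),
    Resolution(120, "cdn.example", "203.0.113.12", 60),
    Resolution(180, "cdn.example", "203.0.113.13", 60),
    Resolution(0, "static.example", "192.0.2.1", 3600),
    Resolution(3600, "static.example", "192.0.2.1", 3600),
]


def prefix24(ip: str) -> str:
    """Collapse an IPv4 address to its /24 network, a cheap proxy for 'same network'
    (an assumption; real systems use ASN or BGP prefix data instead)."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def flux_features(records):
    """Aggregate per-domain features that separate flux from ordinary hosting:
    distinct addresses, distinct /24 networks, and the smallest TTL seen."""
    by_domain = defaultdict(list)
    for r in records:
        by_domain[r.domain].append(r)
    feats = {}
    for domain, rs in by_domain.items():
        feats[domain] = {
            "lookups": len(rs),
            "unique_ips": len({r.ip for r in rs}),
            "unique_nets": len({prefix24(r.ip) for r in rs}),
            "min_ttl": min(r.ttl for r in rs),
        }
    return feats


def is_fast_flux(f, min_ips=5, min_nets=3, max_ttl=300):
    """Assumed rule: many addresses, spread over several networks, short TTLs.
    All three must hold so that CDNs (few networks) and short-TTL single
    hosts are not flagged."""
    return (f["unique_ips"] >= min_ips
            and f["unique_nets"] >= min_nets
            and f["min_ttl"] <= max_ttl)


def screen(records):
    """Return the sorted list of domains whose aggregated features match the rule."""
    return sorted(d for d, f in flux_features(records).items() if is_fast_flux(f))


if __name__ == "__main__":
    for d, f in sorted(flux_features(SAMPLE).items()):
        print(d, f, "FLUX" if is_fast_flux(f) else "ok")
```

Requiring all three conditions together is the point of the example: short TTLs alone describe every CDN, and many addresses alone describe every large web property; only the combination of address churn, network diversity and low TTL is characteristic of flux networks, and a detector that checks one feature in isolation will either miss the botnet or drown in false positives.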