Botnet threat has increased enormously with adoption of newer technologies like root kit, anti-antivirus modules etc. by the hackers. Emergence of botnets having distributed C & C structure that mimic P2P technologically, has made its detection and dismantling extremely difficult. However, numeric flow feature values of P2P botnet C & C traffic can be used to generate fuzzy rule-set which can t...

In this paper, some clustering techniques are analyzed to compare their ability to detect botnet traffic by selecting features that distinguish connections belonging to or not belonging to a botnet. By considering the history of network’s connections, some clustering algorithms are used to derive a set of rules to decide which should be considered as a botnet. Our main contribution is to evalua...

Botnets are one of the main aggressive threats against cybersecurity. To evade the detection systems, recent botnets use the most common communication protocols on the Internet to hide themselves in the legitimate users traffic. From this perspective, most recent botnets are HTTP based and/or Peer-to-Peer (P2P) systems. In this work, we investigate whether such structural differences have any i...

“Botnets” consist of a network compromised machines controlled by an attacker (“botmaster”). Traditionally botnets have been integrated with computers, and have been the primary cause of many malicious Internet attacks. However, with emerging technologies such as tablets, cellphones, and other mobile devices; have presented new challenges in simulating what a modern botnet could look like, and ...

In this paper, we examine the challenges faced when evaluating botnet detection systems. Many of these challenges stem from difficulties in obtaining and sharing diverse sets of real network traces, as well as determining a botnet ground truth in such traces. On the one hand, there are good reasons why network traces should not be shared freely, such as privacy concerns, but on the other hand, ...

The collection of infected systems called botnet which is controlled by the one named as bot master. Botnets are capable to initiate many DoS attacks. Denial of Service attack (DoS) is attempted by the attacker to prevent legal user and in Distributed Denial of Service attack (DDoS) the attacker sends more number of unwanted request at the same time to infect particular host. The botnet control...

Internet attacks are growing with time, threats are increasing to disable infrastructure to those that also target peoples and organization, these increasing large attacks, and the new class of attacks directly targets the large businesses and governments around the world. At the centre of many of these attacks is a large pool of compromised computers which are called zombies commonly controlle...

Botnet dikenalpasti sebagai salah satu ancaman yang paling banyak muncul kerana penjenayah Siber berusaha gigih untuk menjadikan sebahagian besar pengguna rangkaian komputer sasaran mereka. Oleh itu, ramai penyelidik telah menjalankan kajian mengenai botnet dan cara mengesan dalam trafik rangkaian. Kebanyakan mereka hanya menggunakan ciri di sistem tanpa menyebut pengaruh pengesanan botnet. Pem...

This paper studies the impact of a mobile botnet on a Long Term Evolution (LTE) network by implementing a mobile botnet architecture that initiates a Distributed Denial of Service (DDoS) attack. To understand the behavior of the mobile botnet, a correlation between the mobile devices’ mobility and the DDoS attack is established. Real traces of taxi cabs are used to simulate the mobile devices’ ...

One of the most prevalent problems in modern internet security is the botnet – large numbers of computers running the same malicious, self-propagating program without their users' knowledge. Bot programs communicate with their (human) botmaster, who can command them to stage distributed denial of service attacks, send spam, commit click fraud, send back user passwords, or any number of other il...