DocumentCode :
1927910
Title :
A taxonomy of Botnet detection techniques
Author :
Zeidanloo, Hossein Rouhani ; Shooshtari, Mohamad Jorjor Zadeh ; Amoli, Payam Vahdani ; Safari, M. ; Zamani, Mazdak
Author_Institution :
Fac. of Comput. Sci. & Inf. Syst., Univ. of Technol. Malaysia, Kuala Lumpur, Malaysia
Volume :
2
fYear :
2010
fDate :
9-11 July 2010
Firstpage :
158
Lastpage :
162
Abstract :
Among the diverse forms of malware, Botnet is the most widespread and serious threat which occurs commonly in today's cyber attacks. Botnets are collections of compromised computers which are remotely controlled by their originator (BotMaster) under a common Command-and-Control (C&C) infrastructure. They provide a distributed platform for several illegal activities such as launching distributed denial of service (DDoS) attacks against critical targets, malware distribution, phishing, and click fraud. Most of the existing Botnet detection approaches concentrate only on particular Botnet command and control (C&C) protocols (e.g., IRC, HTTP) and structures (e.g., centralized), and can become ineffective as Botnets change their structure and C&C techniques. The detection of Botnet has been a major research topic in recent years. Different techniques and approaches have been proposed for detection and tracking of Botnet. This survey classifies Botnet detection techniques into two approaches. One approach is based on setting up honeynets and another approach is based on Intrusion Detection System (IDS) which has been categorized into signature-based and anomaly-based detection techniques.
Keywords :
Internet; command and control systems; computer crime; cryptographic protocols; invasive software; unsolicited e-mail; Botnet detection technique; Command-and-Control infrastructure; Taxonomy; anomaly based detection technique; compromised computer; cyber attack; distributed denial of service; honeynet; intrusion detection system; malware distribution; Computational modeling; Computers; Cryptography; Monitoring; Botnet; P2P; bot; malicious activities; patterns;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-5537-9
Type :
conf
DOI :
10.1109/ICCSIT.2010.5563555
Filename :
5563555