Challenges and Limitations in Current Botnet Detection

Botnets are an emerging phenomenon that is becoming one of the most significant threats to security. Its danger lies less in the malicious codes themselves, but in the support they provide to implement a wide branch of very different criminal practices which are quite more compromising than harming an isolated computer, such as distributed denial of service attacks (DDoS), phishing, online fraud, dissemination of malware, building servers for exchange of illegal material or sending spam (bulk mail). Therefore, the scientific community together with the different business related corporations and public entities, should be aware of the need of developing mechanisms to improve their detection, analysis and deactivation. And these measures should be taken as soon as possible to stop the dissemination of a threat which impact factor and ?exibility in perpetrating attacks commanding an army of hijacked computers (bots), makes them a tool capable of compromising even the most complex information systems. Thus, this article sets out the main lines of current research in this field and proposing solutions to detect its existence through the analysis of the communication channels (via HTTP, P2P, IRC...) and the variations in the traffic detected, as well as their propagation mechanisms.