Analysis and Detection of a Botnet

Abstract

Due to an increasing growth of Internet usage, cybercrimes has been increasing at an Alarming rate and has become most profitable criminal activity. Botnet is an emerging threat to the cyber security and existence of Command and Control Server(C&C Server) makes it very dangerous attack as compare to all other malware attacks. Botnet is a network of compromised machines which are remotely controlled by bot master to do various malicious activities with the help of command and control server and n-number of slave machines called bots. The reason behind choosing botnet as a famous weapon for cybercrimes is that, it easily hides attacker’s identity, difficult to find command and control server, encryption of malicious traffic and hide itself with normal traffic. The main motive behind botnet is Identity theft, Denial of Service attack, Click fraud, Phishing and many other malware activities. Like many other Malware, botnet is one of the dangerous attacks on cyber security. But it becomes more harmful with its autonomous behavior and longer activeness. It can also encrypt itself to hide with Normal Traffic and generate very low traffic. Botnets rely on different protocols such as IRC, HTTP and P2P for transmission. Complexity of Internet and its encrypted command and control server makes the Botnet very difficult to trace. Command and control server can work properly until it gets detected. Different botnet detection techniques have been proposed in recent years. There is a big need to design an accurate techniques or model to detect the botnet in efficient way.