Botnet Detection Technology Based on DNS-Based Approach

  • Bhavya Alankar
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 109)


The major threat to the world of cyber from the last two decades is botnet, which leads to the cyber crimes in the long run. The botnet is defined as a collection of computers or devices running on multiple bots which are destructive in nature and are maintained by botmaster. The botnet enables the attacker to perform variety of attacks like steal data, send spam, denial-of-service attack, etc., and the person who is duped is unaware of it. In this paper, we have analysed the botnet in terms of existence and working. In the present scenario of digital world, a huge number of Internet users are very prone to cyber attacks as they lack the knowledge and procedures in order to detect botnet. The botnet had existed from a long time, and the threat of botnet in this digital era is known to everybody. However, to put check on botnet, the researchers need to design advanced algorithms in order to detect any type of attack as early as possible. In addition, research is on full swing to detect online attacks, frauds, and data stealing to lessen the risks of botnets. It has been examined that to notice and audit botnets, two major ways are used. The major first way is using honeypots by installing them into the servers. This honeynet is set up to focus on collecting reports of botnets and know the ways they behave. They may not be able to find botnet, but it collects the information which is further used to create a protection for botnets. The second approach for botnet detection is established on quietly checking the network movement and analysing it.


Bot agents Honeynets Botmaster Threat Command and control server (C&C) DNS-based approach 


  1. 1.
    Rossow C, Andriesse D, Werner T, Stone-Gross B, Plohmann D, Dietrich CJ, Bos H (2013) SoK: P2PWNED—modeling and evaluating the resilience of peer-to-peer botnets. In: Proceedings of the 2013 IEEE symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–22 May 2013, pp 97–111Google Scholar
  2. 2.
    Hu X, Knysz A, Shin KG (2011) Measurement and analysis of global IP-usage patterns of fast-flux botnets. In: Proceedings of the IEEE INFOCOM, Shanghai, China, 10–15 Apr 2011Google Scholar
  3. 3.
    Ji Y, He Y, Jiang X, Cao J, Li Q (2016) Combating the evasion mechanisms of social bots. Comput Secur 58:230–249CrossRefGoogle Scholar
  4. 4.
    Jerkins JA (2017) Motivating a market or regulatory solution to IoT insecurity with the Mirai botnet code. In: Proceedings of the 2017 IEEE 7th annual Computing And Communication Workshop and Conference(CCWC), Las Vegas, NV, USA, 9–11 Jan 2017, pp 1–5Google Scholar
  5. 5.
    Zhao G, Xu K, Xu L, Wu B (2015) Detecting APT malware infections based on malicious DNS and traffic analysis. IEEE Access 3:1132–1142CrossRefGoogle Scholar
  6. 6.
    Asha S, Harsha T, Soniya B (2005) Analysis on botnet detection techniques. In: Proceedings of the international conference on Research Advances in Integrated Navigation Systems (RAINS), Karnataka, India, 6–7 May 2016, pp 1–4. Saha B, A Gairola (2005) Botnet: an overview. CERT-In White Paper CIWP-2005-05, 2005Google Scholar
  7. 7.
    Alomari E (2012) Botnet-based Distributed Denial of Service (DDoS) attacks on web servers: classification and art. 49(7): 24–32CrossRefGoogle Scholar
  8. 8.
    Barford P, Yegneswaran V (2006) An inside look at botnets. Adv Inf Sec, SpringerGoogle Scholar
  9. 9.
    Plohmann D, Gerhards-Padilla E, Leder F (2011) Botnets: detection, measurement, disinfection and defence. Eur Netw Inf Secur Agency Tech RepGoogle Scholar
  10. 10.
    Gu G, Perdisci R, Zhang J, Lee W (2011) Botminer: clustering analysis of network traffic for protocol and structure-independent botnet detection. Usenix Security Symposium, 2008. BotHunter, Bothunter: a network-based botnet diagnostic systemGoogle Scholar
  11. 11. (Online). Accessed 12 Dec 2011Google Scholar
  12. 12.
    Mody N, O’Reirdan M, Masiello S, Zebek J (2009) Common best practices for mitigating large scale bot infections in residential networks. MAAWG, July 2009Google Scholar
  13. 13.
    Sakib MN, Huang C (2016) Using anomaly detection based techniques to detect HTTP-based botnet C&C traffic. In: Proceedings of the IEEE international Conference on Communications (ICC), Kuala Lumpur, Malaysia, 23–27 May 2016, pp 1–6Google Scholar
  14. 14.
    Stone-Gross B, Cova M, Gilbert B, Kemmerer R, Kruegel C, Vigna G (2011) Analysis of a botnet takeover. IEEE Secur Priv 9:64–72CrossRefGoogle Scholar
  15. 15.
    The Honeynet Project (2016) Know your enemy: fast-flux service networks. Available online Accessed on 19 May 2016
  16. 16.
    Passerini E, Paleari R, Martignoni L, Bruschi D (2008) FluXOR: detecting and monitoring fast flux service networks. In: Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA ’08), Paris, France, 10–11 July 2008, pp 186–206Google Scholar
  17. 17.
    Wang T, Lin H, Cheng W, Chen C (2017) DBod: clustering and detecting DGA-based botnets using DNS trafficanalysis. Comput Secur 64:1–15CrossRefGoogle Scholar
  18. 18.
    Kolias C, Kambourakis G, Stavrou A, Voas J (2017) DDoS in the IoT: mirai and other Botnets. Computer 50:80–84CrossRefGoogle Scholar
  19. 19.
    Kwon J, Lee J, Lee H, Perrig A (2016) PsyBoG: A scalable botnet detection method for large-scale DNS traffic. Comput Netw 97:48–73CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Bhavya Alankar
    • 1
  1. 1.Department of Computer Science and EngineeringSchool of Engineering Sciences and TechnologyNew DelhiIndia

Personalised recommendations