Abstract
A botnet is a group of compromised devices taken over and commanded by a malicious actor known as a botmaster. In recent years, botnets have targeted Internet of Things (IoT) devices, significantly increasing their ability to cause disruption due to the scale of the IoT. One such IoT-based botnet was Mirai, which compromised over 140,000 devices in 2016 and was able to conduct attacks at speeds over 1 Tbps. The dynamic structure and protocols used in the IoT may render the conventional botnet detection techniques described in the literature incapable of exposing compromised devices. This paper discusses part of a larger project in which traditional botnet detection techniques are evaluated to demonstrate their capabilities on IoT-based botnets. It describes an experiment involving the reconstruction of a traditional botnet detection technique, BotMiner. The experimental parameters were varied in an attempt to exploit potential weaknesses in BotMiner and to start to understand its potential performance against IoT-based botnets. The results indicated that BotMiner was able to detect IoT-based botnets surprisingly well in various small-scale scenarios, but produced false positives in more realistic, scaled-up scenarios involving IoT devices that generated traffic similar to botnet commands.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Woodiss-Field, A., Johnstone, M.N., Haskell-Dowland, P. (2022). Towards Evaluating the Effectiveness of Botnet Detection Techniques. In: Wang, G., Choo, KK.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds) Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science, vol 1557. Springer, Singapore. https://doi.org/10.1007/978-981-19-0468-4_22
DOI: https://doi.org/10.1007/978-981-19-0468-4_22
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-0467-7
Online ISBN: 978-981-19-0468-4
eBook Packages: Computer Science, Computer Science (R0)