|
|
|
| Botnet detection techniques: review, future trends, and issues |
| Ahmad Karim, Rosli Bin Salleh, Muhammad Shiraz, Syed Adeel Ali Shah, Irfan Awan, Nor Badrul Anuar |
| Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur, Malaysia; Department of Computer Science, University of Bradford, Bradford BD7 1DP, UK |
|
|
|
Abstract In recent years, the Internet has enabled access to widespread remote services in the distributed computing environment; however, integrity of data transmission in the distributed computing platform is hindered by a number of security issues. For instance, the botnet phenomenon is a prominent threat to Internet security, including the threat of malicious codes. The botnet phenomenon supports a wide range of criminal activities, including distributed denial of service (DDoS) attacks, click fraud, phishing, malware distribution, spam emails, and building machines for illegitimate exchange of information/materials. Therefore, it is imperative to design and develop a robust mechanism for improving the botnet detection, analysis, and removal process. Currently, botnet detection techniques have been reviewed in different ways; however, such studies are limited in scope and lack discussions on the latest botnet detection techniques. This paper presents a comprehensive review of the latest state-of-the-art techniques for botnet detection and figures out the trends of previous and current research. It provides a thematic taxonomy for the classification of botnet detection techniques and highlights the implications and critical aspects by qualitatively analyzing such techniques. Related to our comprehensive review, we highlight future directions for improving the schemes that broadly span the entire botnet detection research field and identify the persistent and prominent research challenges that remain open.
|
|
Received: 31 August 2013
Published: 07 November 2014
|
|
|
僵尸网络探测技术:回顾、发展趋势及存在的问题
近年来,互联网使得人们可以在分布式计算环境中获取广泛的远程服务。然而,一系列安全问题影响着分布式计算平台数据传输完整性。例如,\"僵尸网络\"(包含恶意代码)就是互联网安全的一种显著威胁。多种犯罪活动依附于僵尸网络,包括分布式拒绝服务(DDoS)攻击、点击欺诈、网络钓鱼、恶意软件分发、垃圾邮件、建立用于非法信息交换的机器,等等。因此,有必要设计并构建一种稳健的机制以提升僵尸网络的探测、分析和移除过程。目前,已有较多工作从不同角度针对僵尸网络的探测技术进行综述,但是,这些工作视角有限,缺乏对最新技术的探讨。本文全面评述僵尸网络最新探测技术,指出该技术的发展趋势;对僵尸网络探测技术作了分类,并通过定性分析凸显了这些技术的潜在影响和关键方面。基于此全面综述,指出涵盖整个僵尸网络探测领域多个方案的改进方向,并指明此领域长期存在的显著挑战。
关键词:
僵尸网络检测,
异常检测,
网络安全,
攻击,
防护,
分类
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
| |
Shared |
|
|
|
|
| |
Discussed |
|
|
|
|
