Abstract:
In recent years, botnets, evolving from traditional worms and Trojans, have become one of the most effective platforms for many Internet attacks. Botnets have even become a powerful weapon for cyberwarfare. Therefore, as defenders, we should pay more attention to botnets—both current research findings and their evolution trends. In this paper, we divide the evolution of botnets into five phases and analyze their characteristics and corresponding representative botnets in each phase. To describe botnets unambiguously, we define botnets formally and classify botnets into four classes based on topology structures. In order to have an overall perspective of current research works, we divide them into five fields: detection, tracking, measurement, prediction, countermeasures, and analyze each field in detail. Based on the comprehensive study of the development law of botnet attacks and defense, we exact several inescapable weaknesses inside botnets, which could be exploited to defend against botnets. To conclude the paper, we suggest possible countermeasures against botnets and predict possible evolution trends of botnets.