Overview of Botnet Detection

With the rapid development of botnet, the Internet has been facing the growing and disastrous threats. These threats can disable the infrastructure and cause the financial damages, which leads to a severe challenge for the global network security. In order to defense and counter the botnet, the detection is absolutely the basis. Therefore, the research on botnet detection has recently become a hot topic in the field of network security. After analyzing the proposed detection techniques, the authors present the basic process of botnet detection, and make classification for these techniques. Furthermore, according to the different stages of the life cycle of botnet, i.e., propagation, infection, communication and attack, they go into detail about main idea, detection process, merits and shortcomings of the existing techniques. Then, they summarize the approaches and the corresponding algorithms used in the detection techniques, propose the evaluation indices in the six dimensions of source, scope, real-time, accuracy, applicability and flexibility, and compare the representative techniques based on these indices. Later, they discuss the key issues of botnet detection in the fields of multi-source information collection and fusion, essential feature extraction, detection of communication and behavior, correlation analysis and detection architecture. Finally, future research trends are reviewed.