Retrieval of Information Through Botnet Attacks: The Importance of Botnet Detection in the Modern Era

Zahian Ismail, Aman B. Jantan, Mohd. Najwadi Yusoff, Muhammad Ubale Kiru
DOI: 10.4018/978-1-6684-5250-9.ch018
Abstract

Online services and applications involve information transmitted across the network, and therefore the issue of security during data transmission has become crucial. Botnet is one of the prominent methods used by cybercriminals to retrieve information from internet users because of the massive impact caused by the bot armies. Thus, this chapter provides a study of Botnet and the impact of Botnet attacks, especially on the security of information. In order to survive, Botnets implement various evasion techniques, and one of the most notorious is manipulating an encrypted channel to perform their C&C communication. Therefore, the authors also review the state of the art for Botnet detection, focus on machine learning-based Botnet detection systems, and look into the capabilities of machine learning approaches to detect this particular Botnet. Finally, they outline the limitations of the existing Botnet detection approach and propose an autonomous Botnet detection system.
Chapter Preview

Background

Many applications and services over the Internet use encrypted channels, especially critical applications or services that involve private information. The following statistics and statements show the coverage of encrypted channels over the Internet and of Botnets over encrypted channels.

Figure 1. Coverage of encrypted channel and Botnet over the encrypted channel

Key Terms in this Chapter

Botnet Detection: The steps involved in the detection of a botnet via correlative analysis.

Autonomous Detection System: A detection system that is able to detect an intrusion based on the stimulus and suggest appropriate action based on the severity level of the attack.

Encrypted Channel: A secure channel implementing protocols/algorithms for covert communications.

Botnet: A network of private computers infected with malicious software and controlled as a group without the owners' knowledge.

Machine Learning: The use and development of computer systems that can learn and adapt without following explicit instructions, by using algorithms and statistical models to analyze and draw inferences from patterns in data.
