A Survey of Fast Flux Botnet Detection With Fast Flux Cloud Computing

Ahmad Al-Nawasrah, Ammar Ali Almomani, Samer Atawneh, Mohammad Alauthman
Copyright: © 2020 | Volume: 10 | Issue: 3 | Pages: 37
ISSN: 2156-1834 | EISSN: 2156-1826 | EISBN13: 9781799807759 | DOI: 10.4018/IJCAC.2020070102
MLA

Al-Nawasrah, Ahmad, et al. "A Survey of Fast Flux Botnet Detection With Fast Flux Cloud Computing." IJCAC vol.10, no.3 2020: pp.17-53. http://doi.org/10.4018/IJCAC.2020070102

APA

Al-Nawasrah, A., Almomani, A. A., Atawneh, S., & Alauthman, M. (2020). A Survey of Fast Flux Botnet Detection With Fast Flux Cloud Computing. International Journal of Cloud Applications and Computing (IJCAC), 10(3), 17-53. http://doi.org/10.4018/IJCAC.2020070102

Chicago

Al-Nawasrah, Ahmad, et al. "A Survey of Fast Flux Botnet Detection With Fast Flux Cloud Computing," International Journal of Cloud Applications and Computing (IJCAC) 10, no.3: 17-53. http://doi.org/10.4018/IJCAC.2020070102

Abstract

A botnet is a set of compromised machines controlled remotely by an attacker. Botnets are considered the basis of numerous security threats around the world. Command and control (C&C) servers are the backbone of botnet communications: bots send reports to the botmaster, and the botmaster sends attack orders to the bots. Botnets are also categorized according to their C&C protocols, such as internet relay chat (IRC) and peer-to-peer (P2P) botnets. Bot herders use a domain name system (DNS) method known as fast-flux to cover malicious botnet activities and to increase the lifetime of malicious servers by quickly changing the IP addresses of the domain names over time. Several methods have been suggested to detect fast-flux domains. However, these methods achieve low detection accuracy, especially for zero-day domains. They also entail a significantly long detection time and consume a large amount of memory. In this survey, we present an overview of the various techniques used to detect fast-flux domains according to solution scopes, namely, host-based, router-based, DNS-based, and cloud computing techniques. This survey provides an understanding of the problem, its current solution space, and the expected future research directions.