Botnets, groups of malware-infected hosts controlled by malicious actors, have gained prominence in an era pervasive computing and the Internet Things. Botnets shown a capacity to perform substantial damage through distributed denial-of-service attacks, information theft, spam malware propagation. In this paper, systematic literature review on botnets is presented reader order obtain understand...

To early detect and defend the threats in the Internet caused by botnet, darknet monitoring is very important to understand various botnet activities. However, common illegal accesses by ordinary malwares makes such detection difficult. In this paper, in order to remove such accesses by ordinary malwares from the results of network monitoring, we propose a data screening method based on finding...

Nowadays decentralized botnets pose a great threat to Internet. They evolve new features such as P2P Command and Control(C&C), which makes traditional detection methods no longer effective for indicating the existence of the bots. In this paper, based on several of the new P2P botnet characteristic properties, we propose a novel real-time detecting model – MSFM (Multi-Stream Fused Model). MSFM ...

Many botnet detection systems employ a blacklist of known command and control (C&C) domains to detect bots and block their traffic. Similar to signature-based virus detection, such a botnet detection approach is static because the blacklist is updated only after running an external (and often manual) process of domain discovery. As a response, botmasters have begun employing domain generation a...

Nowadays, botnets are considered as essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoSattacks and sending spam emails. Different approaches are presented to detectbotnets; however most of them may be ineffective when there are only a fewinfected hosts in monitored network, as they rely on similarity in...

The detection of hosts infected with botnet malware in a timely manner is an important task, since botnets are responsible for many recent security incidents. We propose Themis, an approach based on inferring the structure of time varying IPto-IP communication with the Stochastic Block Model (SBM). Themis use the inferred structure to detect and quantify abnormal behavior of individual hosts. T...