{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T16:08:07Z","timestamp":1776182887938,"version":"3.50.1"},"reference-count":137,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2019,10,30]],"date-time":"2019-10-30T00:00:00Z","timestamp":1572393600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Botnets have carved a niche in contemporary networking and cybersecurity due to the impact of their operations. The botnet threat continues to evolve and adapt to countermeasures as the security landscape continues to shift. As research efforts attempt to seek a deeper and robust understanding of the nature of the threat for more effective solutions, it becomes necessary to again traverse the threat landscape, and consolidate what is known so far about botnets, that future research directions could be more easily visualised. This research uses the general exploratory approach of the qualitative methodology to survey the current botnet threat landscape: Covering the typology of botnets and their owners, the structure and lifecycle of botnets, botnet attack modes and control architectures, existing countermeasure solutions and limitations, as well as the prospects of a botnet threat. The product is a consolidation of knowledge pertaining the nature of the botnet threat; which also informs future research directions into aspects of the threat landscape where work still needs to be done.<\/jats:p>","DOI":"10.3390\/info10110337","type":"journal-article","created":{"date-parts":[[2019,10,31]],"date-time":"2019-10-31T05:18:26Z","timestamp":1572499106000},"page":"337","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far"],"prefix":"10.3390","volume":"10","author":[{"given":"Emmanuel C.","family":"Ogu","sequence":"first","affiliation":[{"name":"Department of Computer Science, School of Computing and Engineering Sciences, Babcock University, Ilishan-Remo 121103, Ogun State, Nigeria"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Olusegun A.","family":"Ojesanmi","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Sciences, Federal University of Agriculture, Abeokuta PMB. 2240, Ogun State, Nigeria"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Oludele","family":"Awodele","sequence":"additional","affiliation":[{"name":"Department of Computer Science, School of Computing and Engineering Sciences, Babcock University, Ilishan-Remo 121103, Ogun State, Nigeria"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"\u2018Shade","family":"Kuyoro","sequence":"additional","affiliation":[{"name":"Department of Computer Science, School of Computing and Engineering Sciences, Babcock University, Ilishan-Remo 121103, Ogun State, Nigeria"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2019,10,30]]},"reference":[{"key":"ref_1","unstructured":"FORTINET (2012). Anatomy of a Botnet, Fortinet\u00ae."},{"key":"ref_2","first-page":"95","article-title":"AIS Model for botnet detection in MANET using fuzzy function","volume":"3","author":"Hanafy","year":"2013","journal-title":"Int. J. Comput. Netw. Wirel. Mob. Commun."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"578","DOI":"10.1016\/j.cose.2009.04.007","article-title":"Utilizing bloom filters for detecting flooding attacks against SIP based services","volume":"28","author":"Geneiatakis","year":"2009","journal-title":"Comput. Secur."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Garip, T.M., Gursoy, E.M., Reiher, P., and Gerla, M. (2015, January 8). Congestion Attacks to Autonomous Cars Using Vehicular Botnets. Proceedings of the 2015 Network and Distributed System Security (NDSS) Workshop on Security of Emerging Networking Technologies, San Diego, CA, USA.","DOI":"10.14722\/sent.2015.23001"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Tanwar, G.S., and Goar, V. (2014, January 14\u201316). Tools, Techniques & Analysis of Botnet. Proceedings of the 2014 International Conference on Information and Communication Technology for Competitive Strategies, Udaipur, India.","DOI":"10.1145\/2677855.2677947"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Eslahi, M., Salleh, R., and Anuar, N. (2012, January 23\u201325). Bots and botnets: An overview of characteristics, detection and challenges. Proceedings of the International Conference on Control System, Computing and Engineering (ICCSCE), Penang, Malaysia.","DOI":"10.1109\/ICCSCE.2012.6487169"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Bijalwan, A., and Pilli, E.S. (2014, January 5). Understanding botnet onInternet. Proceedings of the IEEE International Conference on Computational Intelligence and Computing Research (ICCIC).","DOI":"10.1109\/ICCIC.2014.7238498"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"898","DOI":"10.1109\/SURV.2013.091213.00134","article-title":"A taxonomy of botnet behavior, detection, and defense","volume":"16","author":"Khattak","year":"2013","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_9","unstructured":"Barnett, R. (2018, May 06). Botnet Herders Targeting Web Servers. Tactical Web Application Security Blog. Available online: http:\/\/tacticalwebappsec.blogspot.com.ng\/2010\/05\/botnet-herders-targeting-web-servers.html."},{"key":"ref_10","unstructured":"Greenemeier, L. (2017, October 08). Connecting with anInternet Pioneer, 40 Years Later. Available online: https:\/\/www.scientificamerican.com\/article\/internet-pioneer-cerf\/."},{"key":"ref_11","unstructured":"Timberg, C. (2017, October 08). Net of Insecurity: A Flaw in the Design. Available online: http:\/\/www.washingtonpost.com\/sf\/business\/2015\/05\/30\/net-of-insecurity-part-1\/?utm_term=.798dc8fff3c9."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1131","DOI":"10.1080\/0003684042000247334","article-title":"Computational intermediation and the evolution of computation as a commodity","volume":"36","author":"Davies","year":"2004","journal-title":"Appl. Econ."},{"key":"ref_13","unstructured":"Dittrich, D. (1999, February 01). The DoS Project\u2019s \u201ctrinoo\u201d Distributed Denial of Service Attack Tool. Available online: http:\/\/staff.washington.edu\/dittrich\/misc\/trinoo.analysis."},{"key":"ref_14","unstructured":"Qijun, G., and Liu, P. (2019, October 21). Denial of Service Attacks. Available online: http:\/\/s2.ist.psu.edu\/paper\/DDoS-Chap-Gu-June-07.pdf."},{"key":"ref_15","unstructured":"Network Box UK Ltd. (2010). Denial of Service Attacks (DoS), Network Box. Available online: http:\/\/www.network-box.co.uk\/sites\/default\/files\/Denial%20of%20Service.pdf."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/MSP.2006.27","article-title":"The simple economics of cybercrimes","volume":"4","author":"Kshetri","year":"2006","journal-title":"IEEE Secur. Priv."},{"key":"ref_17","unstructured":"Gorman, S. (2018, March 03). Annual U.S. Cybercrime Costs Estimated at $100 Billion; Study Casts Doubt on Previous, Higher Figures. Available online: https:\/\/www.wsj.com\/articles\/SB10001424127887324328904578621880966242990."},{"key":"ref_18","unstructured":"Symantec (2011). Norton Study Calculates Cost of Global Cybercrime: $114 Billion Annually, Symantec. Available online: http:\/\/www.symantec.com\/about\/news\/release\/article.jsp?prid=20110907_02."},{"key":"ref_19","unstructured":"Internet Crime Complaint Centre (IC3) (2015, April 24). TheInternet Crime Complaint Center Receives 3 Millionth Complaint, Available online: http:\/\/www.ic3.gov\/media\/2014\/140519.aspx."},{"key":"ref_20","unstructured":"World Economic Forum (WEF) (2018). The Global Risks Report 2018, World Economic Forum. [13th ed.]. Available online: http:\/\/www3.weforum.org\/docs\/WEF_GRR18_Report.pdf."},{"key":"ref_21","unstructured":"Internet Crime Complaint Centre (IC3) (2015, April 24). 2010 Internet Crime Report, Available online: http:\/\/www.ic3.gov\/media\/annualreport\/2010_IC3Report.pdf."},{"key":"ref_22","unstructured":"Council of Europe (2001). Convention on Cybercrime, The Council of Europe\u2019s Official Treaty Office. Available online: http:\/\/conventions.coe.int\/Treaty\/EN\/Treaties\/Html\/185.htm."},{"key":"ref_23","unstructured":"United Nations Educational, Scientific and Cultural Organisation (UNESCO) (2014). The COE International Convention on Cybercrime before Its Entry Into Force, United Nations Educational, Scientific and Cultural Organisation. Available online: http:\/\/portal.unesco.org\/culture\/en\/files\/19556\/11515912361coe_e.pdf\/coe_e.pdf."},{"key":"ref_24","unstructured":"Council of Europe (2001). Convention on Cybercrime-CETS No.: 185, The Council of Europe\u2019s Official Treaty Office. Available online: https:\/\/www.coe.int\/en\/web\/conventions\/full-list\/-\/conventions\/treaty\/185\/signatures."},{"key":"ref_25","first-page":"177","article-title":"Cyber-crimes: A practical approach to the application of federal computer crime laws","volume":"16","author":"Sinrod","year":"2000","journal-title":"St. Clara Comput. High Tech. LJ"},{"key":"ref_26","unstructured":"Lee, T.B. (2013). How a Grad Student Trying to Build the First Botnet Brought the Internet to Its Knees, The Washington Post."},{"key":"ref_27","unstructured":"Egg Development Team (2019, October 21). Available online: http:\/\/www.eggheads.org\/."},{"key":"ref_28","unstructured":"Mashevsky, Y. (2015, April 26). The Bagle Botnet. SECURELIST-Information about Viruses, Hackers and Spam. Available online: http:\/\/securelist.com\/analysis\/36046\/the-bagle-botnet\/."},{"key":"ref_29","unstructured":"Cuevas, A. (2015). Botnets: Zombies, Spam, and Attacks, Sites At Penn State. Available online: http:\/\/sites.psu.edu\/psucybersecuritycuevas\/2015\/02\/18\/botnets-zombies-spam-and-attacks\/."},{"key":"ref_30","unstructured":"Miller, C. (2015, April 26). Researchers Hijack Control of Torpig Botnet. Available online: http:\/\/www.scmagazine.com\/researchers-hijack-control-of-torpig-botnet\/article\/136207\/."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"268","DOI":"10.7763\/IJCEE.2010.V2.148","article-title":"Distributed Denial of Service Prevention Techniques","volume":"2","author":"Gupta","year":"2010","journal-title":"Int. J. Comput. Electr. Eng."},{"key":"ref_32","unstructured":"SOPHOS (2014). Security Threat Report 2014, SOPHOS."},{"key":"ref_33","unstructured":"Stackpole, B. (2018, January 01). Is Your Firm Resting on its Security Laurals? Symantec Blog. Available online: https:\/\/www.symantec.com\/blogs\/feature-stories\/your-firm-resting-its-security-laurels?es_p=5721813."},{"key":"ref_34","unstructured":"KPMG (2014). Cybercrime Survey Report 2014, KPMG. Available online: https:\/\/www.kpmg.com\/IN\/en\/IssuesAndInsights\/ArticlesPublications\/Documents\/KPMG_Cyber_Crime_survey_report_2014.pdf."},{"key":"ref_35","unstructured":"DeSimone, A., and Horton, N. (2017). Sony\u2019s Nightmare before Christmas: The 2014 North Korean Cyber Attack on Sony and Lessons for US Government Actions in Cyberspace, The Johns Hopkins University Applied Physics Laboratory LLC. Available online: https:\/\/www.jhuapl.edu\/Content\/documents\/SonyNightmareBeforeChristmas.pdf."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2019.01.004","article-title":"Autonomously detecting sensors in fully distributed botnets","volume":"83","author":"Vasilomanolakis","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"2288","DOI":"10.1109\/TIFS.2019.2895955","article-title":"Why botnets work: Distributed brute-force attacks need no synchronisation","volume":"14","author":"Salamatian","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Marupally, P.R., and Paruchuri, V. (2010, January 20\u201323). Comparative Analysis and Evaluation of Botnet Command and Control Models. Proceedings of the 24th IEEE International Conference of Advanced Information Networking and Applications (AINA), Washington, DC, USA.","DOI":"10.1109\/AINA.2010.171"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Rossow, C., Andriesse, D., Werner, T., Stone-Gross, B., Plohmann, D., Dietrich, C.J., and Bos, H. (2013, January 19\u201322). Sok: P2pwned-modeling and evaluating the resilience of peer-to-peer botnets. Proceedings of the IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2013.17"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Xiao-Nan, L., Yang, L., and Hua, Z. (2011, January 27\u201329). Peer-to-Peer botnets: Analysis and defense. Proceedings of the 3rd IEEE International Conference on Communication Software and Networks (ICCSN), Xi\u2019an, China.","DOI":"10.1109\/ICCSN.2011.6013561"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1002\/sec.749","article-title":"Botnet Spoofing: Fighting Botnet with Itself","volume":"8","author":"Xiang","year":"2015","journal-title":"Secur. Commun. Netw."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"2768","DOI":"10.1109\/COMST.2017.2749442","article-title":"Botnet Communication Patterns","volume":"19","author":"Vormayr","year":"2017","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_43","first-page":"39","article-title":"On the Internal Workings of Botnets: A Review","volume":"138","author":"Ogu","year":"2016","journal-title":"Int. J. Comput. Appl."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Peng, T., Leckie, C., and Ramamohanarao, K. (2007). Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv., 39.","DOI":"10.1145\/1216370.1216373"},{"key":"ref_45","unstructured":"Beek, C. (2018, June 24). Available online: https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/necurs-botnet-leads-the-world-in-sending-spam-traffic\/."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1145\/1402946.1402979","article-title":"Spamming botnets: Signatures and characteristics","volume":"38","author":"Xie","year":"2008","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"ref_47","unstructured":"Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J.A., Invernizzi, L., and Kallitsis, M. (2017, January 16\u201318). Understanding the Mirai Botnet. Proceedings of the 26th USENIX Security Symposium, Vancouver, BC, Canada."},{"key":"ref_48","unstructured":"Newman, L. (2018, June 24). What We Know about Friday\u2019s Massive East CoastInternet Outage. Available online: https:\/\/www.wired.com\/2016\/10\/internet-outage-ddos-dns-dyn\/."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and other botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Kambourakis, G., Kolias, C., and Stavrou, A. (2017, January 23\u201325). The Mirai botnet and the IoT zombie armies. Proceedings of the MILCOM 2017\u20132017 IEEE Military Communications Conference (MILCOM), Baltimore, MD, USA.","DOI":"10.1109\/MILCOM.2017.8170867"},{"key":"ref_51","unstructured":"Cimpanu, C. (2018, June 24). The Satori Botnet Is Mass-Scanning for Exposed Ethereum Mining Rigs. Available online: https:\/\/www.bleepingcomputer.com\/news\/security\/the-satori-botnet-is-mass-scanning-for-exposed-ethereum-mining-rigs\/."},{"key":"ref_52","unstructured":"Ragan, S. (2009). ZBot Data Dump Discovered with over 74,000 FTP Credentials, The Tech Herald. Available online: http:\/\/www.thetechherald.com\/article.php\/200927\/3960\/ZBot-data-dump-discovered-with-over-74-000-FTP-credentials."},{"key":"ref_53","unstructured":"Zetter, K. (2018, June 24). Hacker Lexicon: Botnets, the Zombie Computer Armies That Earn Hackers Millions. Available online: https:\/\/www.wired.com\/2015\/12\/hacker-lexicon-botnets-the-zombie-computer-armies-that-earn-hackers-millions\/."},{"key":"ref_54","unstructured":"BBC (2013). Botnet Steals \u2018Millions of Dollars from Advertisers\u2019, BBC. Available online: http:\/\/www.bbc.com\/news\/technology-21860360."},{"key":"ref_55","unstructured":"Plohmann, D., Gerhards-Padilla, E., and Leder, F. (2011). Botnets: Detection, Measurement, Disinfection & Defence, The European Network and Information Security Agency (ENISA)."},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Kambourakis, G., Anagnostopoulos, M., Meng, W., and Zhou, P. (2019). Botnets: Architectures, Countermeasures, and Challenges, CRC Press.","DOI":"10.1201\/9780429329913"},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., and Vigna, G. (2009, January 9\u201313). Your botnet is my botnet: Analysis of a botnet takeover. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA.","DOI":"10.1145\/1653662.1653738"},{"key":"ref_58","first-page":"19","article-title":"Botnets as a vehicle for online crime","volume":"2","author":"Ianelli","year":"2005","journal-title":"Forensic Comput. Sci. IJoFCS"},{"key":"ref_59","unstructured":"Honeynet Project and Research Alliance (2019, October 21). Available online: http:\/\/www. honeynet.org\/papers\/bots\/."},{"key":"ref_60","doi-asserted-by":"crossref","first-page":"1801","DOI":"10.1109\/TIFS.2017.2688414","article-title":"Preventing distributed denial-of-service flooding attacks with dynamic path identifiers","volume":"12","author":"Luo","year":"2017","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_61","doi-asserted-by":"crossref","first-page":"5423","DOI":"10.1166\/asl.2017.7391","article-title":"A Rule-Based Mechanism for Detecting HTTP Denial of Service Attacks During Flash Crowd Event","volume":"23","author":"Alsaleem","year":"2017","journal-title":"Adv. Sci. Lett."},{"key":"ref_62","first-page":"1","article-title":"Rule-based detection technique for ICMPv6 anomalous behaviour","volume":"30","author":"Saad","year":"2017","journal-title":"Neural Comput. Appl."},{"key":"ref_63","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1016\/j.comnet.2017.03.018","article-title":"Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling","volume":"121","author":"Jazi","year":"2017","journal-title":"Comput. Netw."},{"key":"ref_64","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1016\/j.cosrev.2017.07.003","article-title":"Characterizing DDoS attacks and flash events: Review, research gaps and future directions","volume":"25","author":"Behal","year":"2017","journal-title":"Comput. Sci. Rev."},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"70","DOI":"10.15837\/ijccc.2013.1.170","article-title":"Detecting DDoS attacks in cloud computing environment","volume":"8","author":"Lonea","year":"2013","journal-title":"Int. J. Comput. Commun. Control"},{"key":"ref_66","doi-asserted-by":"crossref","unstructured":"D\u2019Cruze, H., Wang, P., Sbeit, R.O., and Ray, A. (2018). A Software-Defined Networking (SDN) Approach to Mitigating DDoS Attacks. Information Technology-New Generations, Springer.","DOI":"10.1007\/978-3-319-54978-1_19"},{"key":"ref_67","doi-asserted-by":"crossref","unstructured":"He, Z., Zhang, T., and Lee, R.B. (2017, January 26\u201328). Machine Learning Based DDoS Attack Detection from Source Side in Cloud. Proceedings of the IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, USA.","DOI":"10.1109\/CSCloud.2017.58"},{"key":"ref_68","first-page":"6","article-title":"Detection of Anomaly Based Application Layer DDoS Attacks Using Machine Learning Approaches","volume":"4","author":"Nidhi","year":"2016","journal-title":"i-Manag. J. Comput. Sci."},{"key":"ref_69","doi-asserted-by":"crossref","first-page":"436","DOI":"10.1109\/TIFS.2013.2296437","article-title":"Toward incentivizing anti-spoofing deployment","volume":"9","author":"Liu","year":"2014","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_70","first-page":"82","article-title":"On the Deployability of Inter-AS Spoofing Defenses","volume":"29","author":"Liu","year":"2015","journal-title":"Network"},{"key":"ref_71","doi-asserted-by":"crossref","unstructured":"Ying, W. (2014, January 8\u201310). Encrypted Botnet Detection Scheme. Proceedings of the Ninth International Conference on P2P, Parallel, Grid, Cloud andInternet Computing (3PGCIC), Guangdong, China.","DOI":"10.1109\/3PGCIC.2014.110"},{"key":"ref_72","doi-asserted-by":"crossref","unstructured":"Zhang, H., Papadopoulos, C., and Massey, D. (2013, January 14\u201319). Detecting encrypted botnet traffic. Proceedings of the IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Turin, Italy.","DOI":"10.1109\/INFCOM.2013.6567180"},{"key":"ref_73","doi-asserted-by":"crossref","unstructured":"Zand, A., Vigna, G., Yan, X., and Kruegel, C. (2014, January 24\u201328). Extracting probable command and control signatures for detecting botnets. Proceedings of the 29th Annual ACM Symposium on Applied Computing, Gyeongju, Korea.","DOI":"10.1145\/2554850.2554896"},{"key":"ref_74","doi-asserted-by":"crossref","unstructured":"Bilge, L., Balzarotti, D., Robertson, W., Kirda, E., and Kruegel, C. (2012, January 3\u20137). Disclosure: Detecting botnet command and control servers through large-scale netflow analysis. Proceedings of the 28th Annual Computer Security Applications Conference, Orlando, FL, USA.","DOI":"10.1145\/2420950.2420969"},{"key":"ref_75","doi-asserted-by":"crossref","unstructured":"Bhatia, J.S., Sehgal, R.K., and Kumar, S. (2011). Honeynet based botnet detection using command signatures. Advances in Wireless, Mobile Networks and Applications, Springer.","DOI":"10.1007\/978-3-642-21153-9_7"},{"key":"ref_76","doi-asserted-by":"crossref","unstructured":"Wang, K., Huang, C.-Y., Tsai, L.-Y., and Lin, Y.-D. (2014). Behaviour-based botnet detection in parallel. Security and Communication Networks, John Wiley & Sons Ltd.","DOI":"10.1002\/sec.898"},{"key":"ref_77","doi-asserted-by":"crossref","first-page":"548","DOI":"10.1016\/j.procs.2013.06.073","article-title":"Towards fingerprinting malicious traffic","volume":"19","author":"Boukhtouta","year":"2013","journal-title":"Procedia Comput. Sci."},{"key":"ref_78","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1016\/j.cose.2013.04.007","article-title":"Botnet detection based on traffic behavior analysis and flow intervals","volume":"39","author":"Zhao","year":"2013","journal-title":"Comput. Secur."},{"key":"ref_79","doi-asserted-by":"crossref","first-page":"491","DOI":"10.1007\/s10257-011-0171-7","article-title":"Behavioral analysis of botnets for threat intelligence","volume":"10","author":"Caglayan","year":"2012","journal-title":"Inf. Syst. E-Bus. Manag."},{"key":"ref_80","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1016\/j.cose.2015.07.004","article-title":"Man-in-the-browser-cache: Persisting HTTPS attacks via browser cache poisoning","volume":"55","author":"Jia","year":"2015","journal-title":"Comput. Secur."},{"key":"ref_81","first-page":"50","article-title":"Genetic algorithm based layered detection and defense of HTTP botnet","volume":"5","author":"Mathew","year":"2014","journal-title":"Int. J. Netw. Secur."},{"key":"ref_82","doi-asserted-by":"crossref","first-page":"1697","DOI":"10.1007\/s00500-014-1250-8","article-title":"A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment","volume":"18","author":"Choi","year":"2014","journal-title":"Soft Comput."},{"key":"ref_83","doi-asserted-by":"crossref","unstructured":"Eslahi, M., Hashim, H., and Tahir, N.M. (2013, January 7\u20139). An efficient false alarm reduction approach in HTTP-based botnet detection. Proceedings of the 2013 IEEE Symposium on Computers Informatics (ISCI), Langkawi, Malaysia.","DOI":"10.1109\/ISCI.2013.6612403"},{"key":"ref_84","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1016\/j.cose.2014.07.007","article-title":"Cylindrical Coordinates Security Visualisation for multiple domain command and control botnet detection","volume":"46","author":"Seo","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_85","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1109\/CC.2013.6674213","article-title":"Hybrid detection and tracking of fast-flux botnet on domain name system traffic","volume":"10","author":"Futai","year":"2013","journal-title":"Commun. China"},{"key":"ref_86","first-page":"7","article-title":"Recognizing P2P botnets characteristic through TCP distinctive behaviour","volume":"9","author":"Abdullah","year":"2011","journal-title":"Int. J. Comput. Sci. Inf. Secur."},{"key":"ref_87","doi-asserted-by":"crossref","unstructured":"Wang, J., and Paschalidis, I.C. (2014, January 27\u201330). Botnet detection using social graph analysis. Proceedings of the 52nd Annual Allerton Conference on Communication, Control, and Computing (Allerton), Monticello, IL, USA.","DOI":"10.1109\/ALLERTON.2014.7028482"},{"key":"ref_88","unstructured":"Zhang, J., Xie, Y., Yu, F., Soukal, D., and Lee, W. (2013, January 24\u201327). Intention and Origination: An Inside Look at Large-Scale Bot Queries. Proceedings of the 20th Annual Network & Distributed System Security Symposium, San Diego, CA, USA."},{"key":"ref_89","doi-asserted-by":"crossref","unstructured":"Raghava, N.S., Sahgal, D., and Chandna, S. (2012, January 11\u201313). Classification of botnet detection based on botnet architechture. Proceedings of the International Conference on Communication Systems and Network Technologies (CSNT), Rajkot, India.","DOI":"10.1109\/CSNT.2012.128"},{"key":"ref_90","unstructured":"Spitzner, L. (2003). Honeypots: Tracking Hackers, Addison Wesley Professional."},{"key":"ref_91","doi-asserted-by":"crossref","unstructured":"Al-Hakbani, M.M., and Dahshan, M.H. (2015, January 26\u201328). Avoiding honeypot detection in peer-to-peer botnets. Proceedings of the IEEE International Conference on Engineering and Technology (ICETECH), Liverpool, UK.","DOI":"10.1109\/ICETECH.2015.7275017"},{"key":"ref_92","unstructured":"Daniel, A., and Hongmei, C. (2013, January 4\u20136). An empirical study of botnets on university networks using low-interaction honeypots. Proceedings of the 51st ACM Southeast Conference, Savannah, GA, USA."},{"key":"ref_93","doi-asserted-by":"crossref","first-page":"1094","DOI":"10.1002\/sec.431","article-title":"Detection of botnets before activation: An enhanced honeypot system for intentional infection and behavioral observation of malware","volume":"5","author":"Moon","year":"2012","journal-title":"Secur. Commun. Netw."},{"key":"ref_94","first-page":"15","article-title":"Honeypots: Intrusion deception","volume":"48","author":"Barfar","year":"2015","journal-title":"Inf. Syst. Secur. Assoc. J."},{"key":"ref_95","unstructured":"Landecki, G. (2018, January 17). Detecting Botnets, Issue 177. Available online: http:\/\/www.linuxjournal.com\/magazine\/detecting-botnets."},{"key":"ref_96","doi-asserted-by":"crossref","unstructured":"Panimalar, P., and Rameshkumar, K. (2014, January 29\u201330). A review on taxonomy of botnet detection. Proceedings of the International Conference on Advances in Engineering and Technology (ICAET), Singapore.","DOI":"10.1109\/ICAET.2014.7105225"},{"key":"ref_97","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1016\/j.cose.2009.07.007","article-title":"On the detection and identification of botnets","volume":"29","author":"Seewald","year":"2010","journal-title":"Comput. Secur."},{"key":"ref_98","doi-asserted-by":"crossref","first-page":"514","DOI":"10.1016\/j.comnet.2012.07.018","article-title":"Effective bot host detection based on network failure models","volume":"57","author":"Huang","year":"2013","journal-title":"Comput. Netw."},{"key":"ref_99","doi-asserted-by":"crossref","unstructured":"Narang, P., Ray, S., Hota, C., and Venkatakrishnan, V. (2014, January 17\u201318). Peershark: Detecting peer-to-peer botnets by tracking conversations. Proceedings of the 2014 IEEE Security and Privacy Workshops (SPW)), San Jose, CA, USA.","DOI":"10.1109\/SPW.2014.25"},{"key":"ref_100","first-page":"1","article-title":"PeerShark: Flow-clustering and conversation-generation for malicious peer-to-peer traffic identification","volume":"1","author":"Narang","year":"2014","journal-title":"EURASIP J. Inf. Secur."},{"key":"ref_101","doi-asserted-by":"crossref","unstructured":"Watkins, L., Kawka, C., Corbett, C., and Robinson, W.H. (2014, January 28\u201330). Fighting banking botnets by exploiting inherent command and control vulnerabilities. Proceedings of the 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE), Fajardo, PR, USA.","DOI":"10.1109\/MALWARE.2014.6999411"},{"key":"ref_102","doi-asserted-by":"crossref","unstructured":"Yan, Z., Kantola, R., and Shen, Y. (2012, January 25\u201327). Unwanted traffic control via hybrid trust management. Proceedings of the IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Liverpool, UK.","DOI":"10.1109\/TrustCom.2012.291"},{"key":"ref_103","doi-asserted-by":"crossref","unstructured":"Hangxia, Z. (2010, January 30\u201331). Mitigating Peer-to-Peer Botnets by Sybil Attacks. Proceedings of the International Conference on Innovative Computing & Communication, 2010 and Information Technology & Ocean Engineering and 2010 Asia-Pacific Conference on (CICC-ITOE), Macao, China.","DOI":"10.1109\/CICC-ITOE.2010.67"},{"key":"ref_104","doi-asserted-by":"crossref","first-page":"645","DOI":"10.1007\/s12083-012-0195-x","article-title":"A novel method of mining network flow to detect P2P botnets","volume":"7","author":"Lin","year":"2014","journal-title":"Peer Peer Netw. Appl."},{"key":"ref_105","doi-asserted-by":"crossref","first-page":"1872","DOI":"10.1002\/sec.902","article-title":"Frequent sub-graph mining for intelligent malware detection","volume":"7","author":"Eskandari","year":"2014","journal-title":"Secur. Commun. Netw."},{"key":"ref_106","unstructured":"Tsuruta, H., and Shoudai, T. (September, January 31). Structure-based Data Mining and Screening for Network Traffic Data. Proceedings of the IIAI International Conference on Advanced Applied Informatics (IIAIAAI), Matsue, Japan."},{"key":"ref_107","doi-asserted-by":"crossref","unstructured":"Garant, D., and Lu, W. (2013, January 25\u201328). Mining Botnet Behaviors on the Large-Scale Web Application Community. Proceedings of the 27th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Barcelona, Spain.","DOI":"10.1109\/WAINA.2013.235"},{"key":"ref_108","doi-asserted-by":"crossref","unstructured":"Ohrui, M., Kikuchi, H., Terada, M., and Rosyid, N.R. (2011, January 7\u20139). Apriori-PrefixSpan Hybrid Approach for Automated Detection of Botnet Coordinated Attacks. Proceedings of the 14th International Conference on Network-Based Information Systems (NBiS), Tirana, Albania.","DOI":"10.1109\/NBiS.2011.23"},{"key":"ref_109","doi-asserted-by":"crossref","unstructured":"Monshizadeh, M., and Yan, Z. (2014, January 11\u201313). Security Related Data Mining. Proceedings of the IEEE International Conference on Computer and Information Technology (CIT), Xi\u2019an, China.","DOI":"10.1109\/CIT.2014.130"},{"key":"ref_110","doi-asserted-by":"crossref","unstructured":"So-In, C., Mongkonchai, N., Aimtongkham, P., Wijitsopon, K., and Rujirakul, K. (2014, January 6\u20138). An evaluation of data mining classification models for network intrusion detection. Proceedings of the Fourth International Conference on Digital Information and Communication Technology and It\u2019s Applications (DICTAP), Bangkok, Thailand.","DOI":"10.1109\/DICTAP.2014.6821663"},{"key":"ref_111","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1109\/MCOM.2015.7180509","article-title":"From botnets to MobiBots: A novel malicious communication paradigm for mobile botnets","volume":"53","author":"Mtibaa","year":"2015","journal-title":"IEEE Commun. Mag."},{"key":"ref_112","doi-asserted-by":"crossref","first-page":"455","DOI":"10.1007\/s10207-015-0310-0","article-title":"New facets of mobile botnet: Architecture and evaluation","volume":"15","author":"Anagnostopoulos","year":"2016","journal-title":"Int. J. Inf. Secur."},{"key":"ref_113","doi-asserted-by":"crossref","unstructured":"Anagnostopoulos, M., Kambourakis, G., Drakatos, P., Karavolos, M., Kotsilitis, S., and Yau, D.K. (2017, January 7\u201311). Botnet Command and Control Architectures Revisited: Tor Hidden Services and Fluxing. Proceedings of the International Conference on Web Information Systems Engineering, Moscow, Russia.","DOI":"10.1007\/978-3-319-68786-5_41"},{"key":"ref_114","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1109\/TIFS.2015.2478741","article-title":"Analyzing Android Encrypted Network Traffic to Identify User Actions","volume":"11","author":"Conti","year":"2016","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_115","doi-asserted-by":"crossref","unstructured":"Kadir, A.F., Stakhanova, N., and Ghorbani, A.A. (2015). Android Botnets: What URLs are Telling Us. Network and System Security, Springer.","DOI":"10.1007\/978-3-319-25645-0_6"},{"key":"ref_116","doi-asserted-by":"crossref","unstructured":"Farina, P., Cambiaso, E., Papaleo, G., and Aiello, M. (2015, January 24\u201326). Understanding DDoS Attacks from Mobile Devices. Proceedings of the 3rd International Conference on FutureInternet of Things and Cloud (FiCloud), Rome, Italy.","DOI":"10.1109\/FiCloud.2015.19"},{"key":"ref_117","doi-asserted-by":"crossref","unstructured":"Alzahrani, A.J., and Ghorbani, A.A. (2015, January 21\u201323). Real-time signature-based detection approach for SMS botnet. Proceedings of the 13th Annual Conference on Privacy, Security and Trust (PST), Izmir, Turkey.","DOI":"10.1109\/PST.2015.7232968"},{"key":"ref_118","doi-asserted-by":"crossref","first-page":"679","DOI":"10.1093\/comjnl\/bxu063","article-title":"Multilevel Analysis to Detect Covert Social Botnet in Multimedia Social Networks","volume":"58","author":"Natarajan","year":"2015","journal-title":"Comput. J."},{"key":"ref_119","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10207-013-0206-9","article-title":"Portfolio optimisation of computer and mobile botnets","volume":"13","author":"Liao","year":"2014","journal-title":"Int. J. Inf. Secur."},{"key":"ref_120","unstructured":"Eslahi, M., Rostami, M.R., Hashim, H., Tahir, N.M., and Naseri, M.V. (October, January 28). A data collection approach for Mobile Botnet analysis and detection. Proceedings of the IEEE Symposium on Wireless Technology and Applications (ISWTA), Kota Kinabalu, Malaysia."},{"key":"ref_121","doi-asserted-by":"crossref","unstructured":"Mtibaa, A., Alnuweiri, H., and Harras, K. (2014, January 18\u201319). Mobibots: Risk Assessment Of Collaborative Mobile-to-mobile Malicious Communication. Proceedings of the Qatar Foundation Annual Research Conference, Doha, Qatar.","DOI":"10.5339\/qfarc.2014.ITPP1085"},{"key":"ref_122","doi-asserted-by":"crossref","unstructured":"Abdullah, Z., Saudi, M.M., and Anuar, N.B. (2014, January 4\u20135). Mobile botnet detection: Proof of concept. Proceedings of the 5th IEEE Control and System Graduate Research Colloquium (ICSGRC), Shah Alam, Malaysia.","DOI":"10.1109\/ICSGRC.2014.6908733"},{"key":"ref_123","doi-asserted-by":"crossref","unstructured":"Hamon, V. (2014). Android botnets for multi-targeted attacks. J. Comput. Virol. Hacking Tech., 1\u201310.","DOI":"10.1007\/s11416-014-0216-9"},{"key":"ref_124","doi-asserted-by":"crossref","unstructured":"Mtibaa, A. (2013, January 24\u201325). MobiBots: Towards detecting distributed mobile botnets. Proceedings of the Qatar Foundation Annual Research Conference, Doha, Qatar.","DOI":"10.5339\/qfarf.2013.ICTO-05"},{"key":"ref_125","doi-asserted-by":"crossref","unstructured":"Choi, B., Choi, S.K., and Cho, K. (2013, January 3\u20135). Detection of mobile botnet using vpn. Proceedings of the Seventh International Conference on Innovative Mobile andInternet Services in Ubiquitous Computing (IMIS), Taichung, Taiwan.","DOI":"10.1109\/IMIS.2013.32"},{"key":"ref_126","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1007\/s11416-012-0163-2","article-title":"Symbian worm Yxes: Towards mobile botnets?","volume":"8","author":"Apvrille","year":"2012","journal-title":"J. Comput. Virol."},{"key":"ref_127","doi-asserted-by":"crossref","unstructured":"Mtibaa, A., Harras, K., and Alnuweiri, H. (2014, January 4\u20137). Malicious attacks in Mobile Device Clouds: A data driven risk assessment. Proceedings of the 23rd International Conference on Computer Communication and Networks (ICCCN), Shanghai, China.","DOI":"10.1109\/ICCCN.2014.6911812"},{"key":"ref_128","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1109\/MC.2012.296","article-title":"IPv6: A Catalyst and Evasion Tool for Botnets and Malware Delivery Networks","volume":"46","author":"Li","year":"2013","journal-title":"Computer"},{"key":"ref_129","doi-asserted-by":"crossref","unstructured":"Zhao, S., Lee, P.P., Lui, J., Guan, X., Ma, X., and Tao, J. (2012, January 3\u20137). Cloud-based push-styled mobile botnets: A case study of exploiting the cloud to device messaging service. Proceedings of the 28th Annual Computer Security Applications Conference, Orlando, FL, USA.","DOI":"10.1145\/2420950.2420968"},{"key":"ref_130","doi-asserted-by":"crossref","unstructured":"Badis, H., Doyen, G., and Khatoun, R. (2015, January 11\u201315). A collaborative approach for a source based detection of botclouds. Proceedings of the IFIP\/IEEE International Symposium on Integrated Network Management (IM), Ottawa, ON, Canada.","DOI":"10.1109\/INM.2015.7140406"},{"key":"ref_131","unstructured":"Kebande, V.R., and Venter, H.S. (May, January 29). A cognitive approach for botnet detection using Artificial Immune System in the cloud. Proceedings of the Third International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), Beirut, Lebanon."},{"key":"ref_132","first-page":"32","article-title":"Mitigation of Distributed Denial of Service Attacks in the Cloud","volume":"17","author":"Alosaimi","year":"2017","journal-title":"Cybern. Inf. Technol."},{"key":"ref_133","doi-asserted-by":"crossref","unstructured":"Wahab, O.A., Bentahar, J., Otrok, H., and Mourad, A. (2017, January 25\u201330). I Know You Are Watching Me: Stackelberg-Based Adaptive Intrusion Detection Strategy for Insider Attacks in the Cloud. Proceedings of the IEEE International Conference on Web Services (ICWS), Honolulu, HI, USA.","DOI":"10.1109\/ICWS.2017.88"},{"key":"ref_134","doi-asserted-by":"crossref","unstructured":"Daffu, P., and Kaur, A. (2016, January 19\u201320). Mitigation of DDoS attacks in cloud computing. Proceedings of the 5th International Conference on Wireless Networks and Embedded Systems (WECON), Rajpura, India.","DOI":"10.1109\/WECON.2016.7993478"},{"key":"ref_135","doi-asserted-by":"crossref","unstructured":"Chang, W., Wang, A., Mohaisen, A., and Chen, S. (2014, January 17\u201322). Characterizing botnets-as-a-service. Proceedings of the 2014 ACM Conference on SIGCOMM, Chicago, IL, USA.","DOI":"10.1145\/2619239.2631464"},{"key":"ref_136","doi-asserted-by":"crossref","unstructured":"Bottazzi, G., and Me, G. (2014, January 9\u201311). The Botnet Revenue Model. Proceedings of the 7th International Conference on Security of Information and Networks, Glasgow, UK.","DOI":"10.1145\/2659651.2659673"},{"key":"ref_137","unstructured":"Vasilomanolakis, E., Wolf, J.H., B\u00f6ck, L., Karuppayah, S., and M\u00fchlh\u00e4user, M. (2017). I Trust my Zombies: A Trust-enabled Botnet. arXiv."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/10\/11\/337\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:30:29Z","timestamp":1760189429000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/10\/11\/337"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,10,30]]},"references-count":137,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2019,11]]}},"alternative-id":["info10110337"],"URL":"https:\/\/doi.org\/10.3390\/info10110337","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,10,30]]}}}