Towards evaluating the effectiveness of botnet detection techniques

Abstract

A botnet is a group of compromised devices taken over and commanded by a malicious actor known as a botmaster. In recent years botnets have targeted Internet of Things (IoT) devices, and the sheer scale of the IoT has significantly increased their capacity to cause disruption. One such IoT-based botnet was Mirai, which compromised over 140,000 devices in 2016 and was able to conduct attacks at rates exceeding 1 Tbps. The dynamic structure of the IoT and the protocols it uses may render the conventional botnet detection techniques described in the literature incapable of exposing compromised devices. This paper discusses part of a larger project in which traditional botnet detection techniques are evaluated against IoT-based botnets to establish what they can and cannot detect. It describes an experiment involving the reconstruction of one traditional botnet detection technique, BotMiner. The experimental parameters were varied in an attempt to exploit potential weaknesses in BotMiner and to begin characterising its performance against IoT-based botnets. The results indicated that BotMiner detected IoT-based botnets surprisingly well in various small-scale scenarios, but produced false positives in more realistic, scaled-up scenarios in which benign IoT devices generated traffic resembling botnet commands.

Document Type

Conference Proceeding

Date of Publication

1-1-2022

Volume

1557 CCIS

Publication Title

International Conference of Ubiquitous Security

Publisher

Springer

School

School of Science

RAS ID

43681

Comments

Woodiss-Field, A., Johnstone, M. N., & Haskell-Dowland, P. (2022). Towards evaluating the effectiveness of botnet detection techniques. In International Conference of Ubiquitous Security (pp. 292-308). Springer, Singapore. https://doi.org/10.1007/978-981-19-0468-4_22

Copyright

subscription content

First Page

292

Last Page

308

Link to publisher version (DOI)

10.1007/978-981-19-0468-4_22