A review of botnet detection approaches based on DNS traffic analysis

Abstract

A botnet is a network of computing devices commanded by an attacker. Botnets are a daily Internet problem and cause extensive economic damage to organizations and individuals. With the help of botnets, attackers can remotely control exploited machines and perform several malicious activities. Because it enormously increases a botnet’s survivability by evading detection, the Domain Name System (DNS) is nowadays a favourable botnet communication channel. Fortunately, many strategies have been introduced and developed to tackle the issue of botnets based on DNS resolving. This review explores the various botnet detection techniques by providing a study of detection approaches based on DNS traffic analysis. Some related topics, including the technological background, life cycle, evasion, and detection techniques of botnets, are introduced.

Al-Mashhadi, S., Anbar, M., Karuppayah, S., & Al-Ani, A. K. (2019). A review of botnet detection approaches based on DNS traffic analysis. In Lecture Notes in Networks and Systems (Vol. 67, pp. 305–321). Springer. https://doi.org/10.1007/978-981-13-6031-2_21
