A lightweight hybrid detection method for botnet

Abstract

Botnet is a serious threat for the Internet and it has created great damage to the Internet. How to detect botnet has become an ongoing endeavor research. Series of methods have been discussed in recent research. However, one of the remaining challenges is that the high computational overhead. In this paper, a lightweight hybrid botnet detection method is proposed. Considering the features in the botnet data packets and the characteristic of employing DGA (Domain Generation Algorithm) domain names to connect to the botnet, two sensors are designed and deployed individually and parallelly. Signature detection is used on the gateway sensor to dig out known bot software and deep learning based techniques are used on the DNS (Domain Name Server) server sensor to find DGA domain names. With this method, the computational overhead would be shared by the two sensors and experiments are conducted and the results indicate that the method is effective in detecting botnet.