Http Botnet Detection

Introduction

Background

After the invention of HTTP protocol in 1999, people never thought that the protocol would be used by a critical Cyber threat called Botnet (Paganini, 2013, para. 1). By definition, a bot is an application deployed to perform and repeat a task with higher speed than a human. A Botnet is a network of bots formed by the connection of several bots infecting various targets such as mobile devices and computers. In other words, a bot is a series of codes, programs, or commands developed to connect to devices such as servers and execute a series of commands. Notably, a botnet performs different functions, both malicious and harmless. A botnet is composed of three elements including the bots, control and command servers or the C&C, and the sophisticated attacker or the botmaster who manages the botnet.

The original classes of botnets used Internet Relay Chat (IRC) and other reliable channels to develop a central control and command mechanism (Paganini, 2013, para.2). This class of bots follows the PUSH mechanism to connect to the channels and stay in the ‘connect mode.’ Additionally, the bots connect to the IRC channels and servers that have been established by the botmaster and are waiting for commands. Notably, this class of botnets is easy to use, manage, and control. However, the IRC botnets suffer from the central point of failure. The figure below shows how the IRC botnets connect to the channels and how the botmaster controls and manages the process.

Research Objectives

Based on the above research questions, the objectives of this thesis include:

1. To assess the aspects that an enterprise should understand in the detection and fight against botnets
2. To determine the different parties and their specific responsibilities in the detention, management, and defense against botnets
3. To research, understand, and forecast the future of botnets

Significance of the Study

At present, despite the fact that botnets appeared a few years ago, the phenomenon has sparked research interest in different industries and learning institutions (Rajab et al., 2006). As noted in the above sections, botnets is a term used to refer to the networks of infected end-hosts under the control of an operator who is usually a human being. Conspicuously, botnets attack vulnerable machines by deploying methods commonly utilized by other malware. For instance, botnets recruit vulnerable devices by social engineering and remote exploitation of software loopholes. However, botnets are uniquely identified by the definitive characteristic of command and control channel. C&C channel aims to distribute the commands from a botmaster to the bot armies.

From related literature, other sets of malware are mostly deployed to establish the special prominence among many hackers. On the other hand, botnets are mainly used to launch illegal activities (Rajab et al., 2006). Examples of botnets’ malicious activities include extortion of e-commerce and other internet businesses, identity theft, email spanning, and application software piracy. Unfortunately, despite the credible increase in botnets activities today, little information is available about the specifics of the malicious activities. Therefore, this thesis is compelling to different private and government organizations as well as learning institutions since it aims to shed light on the prevalence of botnets activities as well as the highlight on the various types of botnets. Further, the paper is significant since it provides information on the evolution, detection, and the responsibilities of different parties concerned with the botnet’s activities.