A holistic perspective on understanding and breaking botnets: Challenges and countermeasures

Malware has gained the most prevalence in today's cyber- attacks that threaten our network assets. More seriously, their attack consequence can be significantly enlarged when a huge amount of bots (hosts compromised by malware) coordinate each other with particular intents by constructing botnets. While various prevention, detection, and response techniques have been developed for defending against botnets, attackers constructing and maintaining botnets always manage to evade defense systems. Instead of limiting our attention to the technical design of specific detection techniques, this paper rather gives a comprehensive review on the features and security-evasion techniques that can be possessed by the botnets, with the objective to obtain a fundamental understanding on sophisticated attacker behavior, which is believed to be the preliminary yet essential step towards the design and development of effective anti-botnet techniques. We then develop a top-down analytical framework as a basis for critical evaluation on the existing countermeasures. The framework not only allows us to envision a holistic methodology for achieving in-depth defense boundary of computer networks in the presence of bots, but also suggests a number of practical ways for detecting bots at different system levels with certain degree of sophistication.