Publication details

Towards Evaluating the Effectiveness of Botnet Detection Techniques
Woodiss-Field A, Johnstone M, Haskell-Dowland PS (Dowland PS)
International Conference on Ubiquitous Security (UBISEC 2021), pp 292-308 (published 2022), Springer, DOI: 10.1007/978-981-19-0468-4_22, 2021

A botnet is a group of compromised devices taken over and commanded by a malicious actor known as a botmaster. In recent years botnets have targeted Internet of Things (IoT) devices, significantly increasing their ability to cause disruption due to the scale of the IoT. One such IoT-based botnet was Mirai, which compromised over 140,000 devices in 2016 and was able to conduct attacks at speeds over 1 Tbps. The dynamic structure and protocols used in the IoT may potentially render conventional botnet detection techniques described in the literature incapable of exposing compromised devices. This paper discusses part of a larger project where traditional botnet detection techniques are evaluated to demonstrate their capabilities on IoT-based botnets. This paper describes an experiment involving the reconstruction of a traditional botnet detection technique, BotMiner. The experimental parameters were varied in an attempt to exploit potential weaknesses in BotMiner and to start to understand its potential performance against IoT-based botnets. The results indicated that BotMiner was able to detect IoT-based botnets surprisingly well in various small-scale scenarios, but produced false positives in more realistic, scaled-up scenarios involving IoT devices that generated traffic similar to botnet commands.
