Survey on network-based botnet detection methods
Version of Record online: 21 JUN 2013
Copyright © 2013 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 7, Issue 5, pages 878–903, May 2014
How to Cite
García, S., Zunino, A. and Campo, M. (2014), Survey on network-based botnet detection methods. Security Comm. Networks, 7: 878–903. doi: 10.1002/sec.800
- Issue online: 11 APR 2014
- Manuscript Accepted: 6 MAR 2013
- Manuscript Revised: 26 FEB 2013
- Manuscript Received: 1 JUN 2012
Keywords
- network detection
- information security
- network behavior
Botnets are an important security problem on the Internet. They continuously evolve their structure, protocols and attacks. This survey analyzes and compares the most important efforts carried out in the network-based detection area. It accomplishes four tasks: first, the comparison of previous surveys and the proposal of four new dimensions to analyze their classification schemes; second, a new classification and comparison of network-based botnet detection proposals, which includes the definition of 20 desired properties of every botnet detection paper; third, an extensive comparison between the most representative detection proposals; and fourth, the description of the most important problems and highlights in the area. We conclude that the area has achieved great advances so far, but there are still many open problems.