A Survey on Host-Based Botnet Identification

Today Botnets pose a serious threat to Internet Information world. Because cyber criminals are utilizing them as a powerful tool to achieve their goals easily and most importantly without leaving any trace to the defenders. So it is difficult to detect their origin. They are mainly used for many illegal activities such as Phishing, Spamming, information or email harvesting and DDoS etc. Basically botnets receive command(s) from botmaster using existing network path to attack or compromise a victim. Therefore, to detect a bot/botnet defenders use either network-analysis or end-host analysis. Distinguishing a bot in a high-speed network link is too difficult, because most bots today generate low volume traffic, legitimate protocols and etc. Motivated by this, we propose a comparative study analysis of bot at the end-system side. This area of research is in its infant stage and only very less number of ideas has been proposed.