Issues and challenges in DNS based botnet detection: A survey

Cybercrimes are evolving on a regular basis and as such these crimes are becoming a greater threat day by day. Earlier these threats were very general and unorganized. In the last decade, these attacks have become highly sophisticated in nature. This higher level of coordination is possible mainly due to botnets, which are clusters of infected hosts controlled remotely by an attacker (botmaster). The number of infected machines is continuously rising, thereby resulting in botnets with over a million infected machines. This powerful capability gives the botmaster a lethal weapon to launch various security attacks. As a result, botnet detection techniques received greater research focus. The Domain Name System (DNS) is a large scale distributed database on the Internet, which is being abused as a botnet communication channel. While there are numerous survey and review papers on botnet detection, there are two survey papers on DNS-based botnet detection which are neither comprehensive nor take into consideration various parameters vital for effective comparison. This survey presents a new classification for DNS-based botnet detection techniques and provides a deep analysis of each technique within the category. (C) 2019 Elsevier Ltd. All rights reserved.