A Survey of Fast Flux Botnet Detection With Fast Flux Cloud Computing

Abstract

A botnet refers to a set of compromised machines controlled distantly by an attacker. Botnets are considered the basis of numerous security threats around the world. Command and control (C&C) servers are the backbone of botnet communications, in which bots send a report to the botmaster, and the latter sends attack orders to those bots. Botnets are also categorized according to their C&C protocols, such as internet relay chat (IRC) and peer-to-peer (P2P) botnets. A domain name system (DNS) method known as fast-flux is used by bot herders to cover malicious botnet activities and increase the lifetime of malicious servers by quickly changing the IP addresses of the domain names over time. Several methods have been suggested to detect fast-flux domains. However, these methods achieve low detection accuracy, especially for zero-day domains. They also entail a significantly long detection time and consume high memory storage. In this survey, we present an overview of the various techniques used to detect fast-flux domains according to solution scopes, namely, host-based, router-based, DNS-based, and cloud computing techniques. This survey provides an understanding of the problem, its current solution space, and the future research directions expected.