Botnet detection is critical in a network, as bots affect a wide range of domains, including cyber security, finance, health care, law enforcement, and more. As the Internet evolves and the Internet of Things, smart terminals, cloud platforms, and social platforms grow, bots exhibit increasing platform diversity, communication concealment, and control intelligence. According to testimony given by Twitter officials, up to 5% of all Twitter accounts are run by bots. Experts who used algorithms to detect bot behaviour found that the number could be closer to 15%. This figure is likely to apply to other social media platforms as well. Earlier this week, Twitter announced that it would begin rolling out labels for automated (or bot) accounts. It is difficult to say how many social media accounts are bots, given that plenty of them are made to look convincingly real.
In many circumstances, individuals are unable to distinguish between a bot and a real human account. Bots can be identified by their behaviour on social media, but more advanced bots cannot be identified with any certainty. Researchers at the University of Reading's School of Systems Engineering found that 30% of participants in their study believed that a human was actually controlling a social media bot account. Researchers from the Netherlands say that botnets utilise and spread via technologies such as zero-day vulnerabilities, peer-to-peer networks, phishing, fast flux, anonymous networks, bitcoin networks, and lightning networks. It is extremely difficult to precisely identify and detect botnets, especially in the early stages of their development.
In recent years, various surveys on botnet detection techniques have been conducted. Let’s have a look at some machine learning techniques for botnet detection.
Signature-based detection: Botnet identification relies on knowledge of the signatures and behaviour of existing botnets. It can detect known botnets, but not new or modified ones whose signatures have not yet been catalogued.
Anomaly-based detection: It attempts to discover botnets based on network traffic anomalies such as high network latency, high traffic volumes, traffic on unusual ports, and unusual system behaviour, all of which could confirm the existence of malicious bots in the network.
TCP-based anomaly detection: This method, combined with IRC tokenisation and IRC message statistics, yields a system that can detect client-side bots with high accuracy. It can also be used to identify bot servers.
Network-based anomaly detection: BotSniffer is based on the observation that bots in the same botnet are likely to respond and operate in a highly synchronised manner. It therefore applies several correlation analysis techniques to find spatial-temporal correlation in network traffic, with a low false-positive rate.
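The lockstep behaviour BotSniffer exploits can be demonstrated on flow records. The following is an added example, not code from the article or from BotSniffer itself: it buckets constructed flow records (timestamp, source, destination, port) into fixed time windows and reports any destination that the same group of hosts contacts in several consecutive windows. The hosts, addresses, port and thresholds are all made-up assumptions for illustration.

```python
from collections import defaultdict

# Constructed flow records for the example (not taken from the article):
# (epoch seconds, source host, destination host, destination port)
FLOWS = [
    # three internal hosts contacting the same server every ~60 s, nearly in lockstep
    (1000, "10.0.0.11", "203.0.113.5", 6667),
    (1001, "10.0.0.12", "203.0.113.5", 6667),
    (1002, "10.0.0.13", "203.0.113.5", 6667),
    (1060, "10.0.0.11", "203.0.113.5", 6667),
    (1061, "10.0.0.12", "203.0.113.5", 6667),
    (1063, "10.0.0.13", "203.0.113.5", 6667),
    (1120, "10.0.0.11", "203.0.113.5", 6667),
    (1122, "10.0.0.12", "203.0.113.5", 6667),
    (1121, "10.0.0.13", "203.0.113.5", 6667),
    # ordinary browsing: several hosts reach a popular site at unrelated times
    (1005, "10.0.0.21", "198.51.100.7", 443),
    (1047, "10.0.0.22", "198.51.100.7", 443),
    (1099, "10.0.0.23", "198.51.100.7", 443),
    (1130, "10.0.0.21", "198.51.100.7", 443),
]


def synchronized_groups(flows, window=10, min_hosts=3, min_windows=3, allowlist=()):
    """Find destinations that a stable group of hosts contacts in lockstep.

    Flows are bucketed into fixed time windows of `window` seconds. A
    (destination, port) is reported when the same set of at least `min_hosts`
    sources appears in at least `min_windows` distinct windows, which is the
    spatial-temporal correlation BotSniffer looks for.
    Returns {(dst, dport): sorted list of hosts}.
    """
    buckets = defaultdict(set)  # (dst, dport, window id) -> sources seen in that window
    for ts, src, dst, dport in flows:
        if dst in allowlist:  # update, NTP or CDN servers are legitimately synchronised
            continue
        buckets[(dst, dport, ts // window)].add(src)

    # count, per destination, the windows in which each exact host group appeared
    group_windows = defaultdict(set)  # (dst, dport, frozenset(hosts)) -> window ids
    for (dst, dport, wid), srcs in buckets.items():
        if len(srcs) >= min_hosts:
            group_windows[(dst, dport, frozenset(srcs))].add(wid)

    return {
        (dst, dport): sorted(hosts)
        for (dst, dport, hosts), wids in group_windows.items()
        if len(wids) >= min_windows
    }


if __name__ == "__main__":
    for (dst, dport), hosts in synchronized_groups(FLOWS).items():
        print(f"suspected C&C {dst}:{dport} contacted in lockstep by {', '.join(hosts)}")
```

Two practical points: the window must be wider than the jitter between bots, otherwise one check-in straddling a window boundary splits the group and the correlation is missed; and legitimately synchronised destinations (update servers, NTP, internal monitoring) must be allowlisted, which is what keeps the false-positive rate low in practice.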
Honeynet-based detection: A honeynet is a network of decoy systems (honeypots) set up with intentional flaws and used as a lure to draw attackers' attention to these devices without exposing the real network or its contents to them.
DNS-based detection: This approach relies on properties of the botnet's DNS queries. It locates the Command-and-Control (C&C) server by observing the DNS queries bots make, since C&C servers are commonly hosted via a Dynamic DNS (DDNS) service. Using DNS is the most common and straightforward method of detecting a botnet. Conversely, Fast-Flux and Domain Generation Algorithms (DGAs) are the evasion techniques DNS-based botnets use, and corresponding detection methods exist for each.
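To make the DNS-side checks concrete, here is an added example (not code from the article): it parses constructed resolver log lines and applies two heuristics, a DGA check on the queried name (high character entropy, few vowels) and a fast-flux check on the answers (many distinct addresses, all with short TTLs), then maps flagged names back to the clients that queried them. The log format, the names, the addresses and the thresholds are assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines for the example (not from the article).
# Fields: epoch seconds, client, queried name, answered address, TTL.
DNS_LOG = """\
1000 10.0.0.11 www.example.com 93.184.216.34 3600
1001 10.0.0.11 xkq7fzp2mvb.net 203.0.113.10 300
1002 10.0.0.12 xkq7fzp2mvb.net 203.0.113.11 300
1003 10.0.0.13 xkq7fzp2mvb.net 203.0.113.12 300
1004 10.0.0.11 login.example.org 198.51.100.5 86400
1005 10.0.0.12 cdn.example.net 198.51.100.20 60
1006 10.0.0.13 cdn.example.net 198.51.100.21 60
"""

VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_label(qname):
    """Second-level label of a name, e.g. 'example' for www.example.com.
    Simplification for the example: a real deployment should use the public
    suffix list so that names under co.uk and similar are handled."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(qname, min_entropy=3.0, max_vowel_ratio=0.25):
    """Heuristic DGA check: high character entropy and few vowels in the
    registered label. Thresholds are illustrative, not tuned on real data."""
    label = registered_label(qname)
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def parse_dns_log(text):
    """Turn the space-separated log into (ts, client, qname, answer, ttl) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, answer, ttl = line.split()
        records.append((int(ts), client, qname.lower(), answer, int(ttl)))
    return records


def fast_flux_candidates(records, min_ips=3, max_ttl=300):
    """Names that resolved to many distinct addresses, all with short TTLs."""
    answers = defaultdict(set)
    ttls = defaultdict(list)
    for _, _, qname, answer, ttl in records:
        answers[qname].add(answer)
        ttls[qname].append(ttl)
    return sorted(q for q in answers
                  if len(answers[q]) >= min_ips and max(ttls[q]) <= max_ttl)


def suspicious_clients(records):
    """Map each flagged name to the clients that queried it (candidate bots)."""
    flagged = set(fast_flux_candidates(records))
    flagged |= {qname for _, _, qname, _, _ in records if looks_generated(qname)}
    clients = defaultdict(set)
    for _, client, qname, _, _ in records:
        if qname in flagged:
            clients[qname].add(client)
    return {q: sorted(c) for q, c in clients.items()}


if __name__ == "__main__":
    for qname, hosts in suspicious_clients(parse_dns_log(DNS_LOG)).items():
        print(f"{qname}: queried by {', '.join(hosts)}")
```

Both heuristics need tuning before use: CDNs and round-robin load balancers also answer with many addresses and short TTLs, so an allowlist of known services is essential, and short legitimate labels can score high on entropy alone, which is why the vowel ratio is combined with it. A resolver log that records response codes adds a third, strong signal, since a DGA bot typically produces bursts of NXDOMAIN answers for the candidate names its operator never registered.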
Hybrid botnet detection: Hybrid systems collect data and information from both the host and the network sides to detect botnets.
Facebook, Twitter, and other social media platforms host a large number of automated accounts. Stricter criteria for account creation may inconvenience legitimate users while still failing to eliminate bots, because there is no ideal test to distinguish between bots and real users. As social media material is manufactured and amplified by bots, fictitious accounts are on the rise. It is not uncommon for large botnets to be deployed to influence public perception of brands, public figures, and socio-political issues. There are, of course, bot management systems that can stop some of these. However, more research is still needed, particularly in social networks, to detect botnets effectively.