Mathematical Problems in Engineering

Review Article

Survey on Botnet Detection Techniques: Classification, Methods, and Evaluation

Summary of typical botnet detection techniques based on combination method.


Papers	Mechanism	Algorithm/Model	Dataset	Advantage	Drawback

[113]	HANABot, a hybrid botnet detection method based on host and network analysis, was proposed, which could detect new botnets in the early stage	NB,DT	Collected data itself	(i) Detection can be performed at an early stage (ii) Detection of multidimensional data	(i) Dynamically updating rules, configuration files, or signatures is still difficult
[118]	MABDS associated the event log analyzer with a host-based intrusion detection system (HIDS)	A variety of techniques	Collected data itself	(i) Used multiagent technology to combine administrative agent, user agent, honeypot agent, system analysis, and knowledge database	(i) Lack of proper composition can result in high computing costs
[118]		A variety of techniques	Collected data itself		(ii) It is a complicated method
[119]	Based on the traffic, the network communication graph is generated at regular intervals by modeling graphic features over time, and the statistics and central features based on the graph are extracted and classified	LSTM	CTU-13	(i) The characteristics of graph and neural network are used to detect the image (ii) Inclusion evolution feature	(i) The dataset is relatively unitary (ii) Not universal