Botnet in DDoS Attacks: Trends and Challenges

IEEE Communications Surveys and Tutorials

Volumn 17, Issue 4, 2015, Pages 2242-2270

  Hoque, Nazrul ^a   Bhattacharyya, Dhruba K ^a   Kalita, Jugal K ^b  

^a TEZPUR UNIVERSITY   (India)

^b UCB 450   (United States)

Author keywords

botnet; DDoS attack; DDoS prevention; IP traceback; mobile botnet

Indexed keywords

APPLICATION PROGRAMS; CRIME; DISTRIBUTED COMPUTER SYSTEMS; HIERARCHICAL SYSTEMS; INTERNET; MALWARE; NETWORK ARCHITECTURE; NETWORK SECURITY; TELECOMMUNICATION TRAFFIC;

BOTNET; DDOS ATTACK; DDOS PREVENTION; IP TRACEBACK; MOBILE BOTNET;

DENIAL-OF-SERVICE ATTACK;

EID: 84970046203     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/COMST.2015.2457491     Document Type: Article

References (145)

1. C.-H. Yu, K. Doppler, C. B. Ribeiro, and O. Tirkkonen, "Resource sharing optimization for device-to-device communication underlaying cellular networks," IEEE Trans. Wireless Commun., vol. 10, no. 8, pp. 2752-2763, Aug. 2011.
2. N. Hoque, D. Bhattacharyya, and J. Kalita, "MIFS-ND: A mutual information-based feature selection method," Expert Syst. Appl., vol. 41, no. 14, pp. 6371-6385, Oct. 2014.
3. D. K. Bhattacharyya and J. K. Kalita, Network Anomaly Detection: A Machine Learning Perspective. Boca Raton, FL, USA: CRC Press, 2013.
4. M. Feily, A. Shahrestani, and S. Ramadass, "A survey of botnet and botnet detection," in Proc. IEEE 3rd Int. Conf. Emerging Security Inf., Syst. Technol. SECURWARE, 2009, pp. 268-273.
5. M. Bailey, E. Cooke, F. Jahanian, Y. Xu, and M. Karir, "A survey of botnet technology and defenses," in Proc. IEEE CATCH, 2009, pp. 299-304.
6. H. R. Zeidanloo, M. J. Z. Shooshtari, P. V. Amoli, M. Safari, and M. Zamani, "A taxonomy of botnet detection techniques," in Proc. IEEE 3rd ICCSIT, 2010, vol. 2, pp. 158-162.
7. L. Zhang, S. Yu, D. Wu, and P. Watters, "A survey on latest botnet attack and defense," in Proc. IEEE 10th Int. Conf. TrustCom, 2011, pp. 53-60.
8. R. A. Rodríguez-Gómez, G. Mació-Fernóndez, and P. García-Teodoro, "Survey and taxonomy of botnet research through life-cycle," ACM CSUR, vol. 45, no. 4, p. 45, Aug. 2013.
9. S. S. Silva, R. M. Silva, R. C. Pinto, and R. M. Salles, "Botnets: A survey," Comput. Netw., vol. 57, no. 2, pp. 378-403, Feb. 2013.
10. V. Igure and R. Williams, "Taxonomies of attacks and vulnerabilities in computer systems," IEEE Commun. Surveys Tuts., vol. 10, no. 1, pp. 6-19, 1st Quart. 2008.
11. J. Yuan and K. Mills, "Monitoring the macroscopic effect of DDoS flooding attacks," IEEE Trans. Depend. Secure Comput., vol. 2, no. 4, pp. 324-335, Oct.-Dec. 2005.
12. M. Fakrul Alam, "Application layer ddos a practical approach & mitigation techniques," bdHUB Limit., Dhaka, Bangladesh, 2014.
13. E. Alomari, S. Manickam, B. Gupta, S. Karuppayah, and R. Alfaris, "Botnet-based distributed denial of service (DDoS) attacks on web servers: Classification and art," Int. J. Comput. Appl., vol. 49, no. 7, pp. 24-32, Jul. 2012.
14. M. Sauter, "LOIC will tear us apart the impact of tool design and media portrayals in the success of activist DDoS attacks," Amer. Behavioral Sci., vol. 57, no. 7, pp. 983-1007, 2013.
15. G. Ollmann, "Botnet communication topologies," Retrieved Sep., vol. 30, pp. 1-7, 2009.
16. T. Li et al., "ZHT: A light-weight reliable persistent dynamic scalable zero-hop distributed hash table," in Proc IEEE IPDPS, 2013, pp. 775-787.
17. S. Ratnasamy, P. Francis, M. Handley, R. Karp, and S. Shenker, "A scalable content-addressable network," in Proc. ACM, 2001, vol. 31, no. 4, pp. 161-172.
18. H. Huang, Y. Zheng, H. Chen, and R. Wang, "Pchord: A distributed hash table for P2P network," Front. Electr. Electron. Eng. China, vol. 5, no. 1, pp. 49-58, 2010.
19. A. Rowstron and P. Druschel, "Pastry: Scalable, decentralized object location, and routing for large-scale peer-to-peer systems," in Middleware 2001. Berlin, Germany: Springer-Verlag, 2001, pp. 329-350.
20. B. Y. Zhao et al., "Tapestry: A resilient global-scale overlay for service deployment," IEEE J. Sel. Areas Commun., vol. 22, no. 1, pp. 41-53, Jan. 2004.
21. P. Maymounkov and D. Mazieres, "Kademlia: A peer-to-peer information system based on the XOR metric," in Peer-to-Peer Systems. Berlin, Germany: Springer-Verlag, 2002, pp. 53-65.
22. B. Beverly Yang and H. Garcia-Molina, "Designing a superpeer network," in Proc. IEEE 19th Int. Conf. Data Eng., 2003, pp. 49-60.
23. T. Micro, "Worm agobot," 2004. [Online]. Available: http://aboutthreats. trendmicro.com/ArchiveMalware.aspx?language=us&name= WORMAGOBOT
24. T. Microhgj, "Worm sdbot," 2003. [Online]. Available: http://aboutthreats. trendmicro.com/ArchiveMalware.aspx?language=us&name= WORMSDBOT
25. rbot, "The Ruby IRC bot." [Online]. Available: http://ruby-rbot.org/
26. C. Li, W. Jiang, and X. Zou, "Botnet: Survey and case study," in Proc. IEEE 4th Int. Conf. ICICIC, 2009, pp. 1184-1187.
27. "Experts bicker over conficker numbers," 2001. [Online]. Available: http://news.techworld.com
28. J. Hruska, "New mega-D menace muscles storm worm aside," 2008. [Online]. Available: http://arstechnica.com
29. G. Keizer, "Top botnets control 1Mhijacked computers," 2008. [Online]. Available: http://www.computerworld.com
30. B. Stone-Gross et al., "Analysis of a botnet takeover," IEEE Security Privacy, vol. 9, no. 1, pp. 64-72, Jan./Feb. 2011.
31. S. Stover, D. Dittrich, J. Hernandez, and S. Dietrich, "Analysis of the storm and nugache trojans: P2P is here," USENIX; login, vol. 32, no. 6, pp. 18-27, 2007.
32. J. P. John, A. Moshchuk, S. D. Gribble, and A. Krishnamurthy, "Studying spamming botnets using botlab" in Proc. NSDI, 2009, vol. 9, pp. 291-306.
33. McAfee, "Cutall" 2015. [Online]. Available: http://vil.nai.com/vil/content/v-144515.htm
34. G. Macesanu, T. Codas, C. Suliman, and B. Tarnauca, "Development of GTBoT, a high performance and modular indoor robot," in Proc. IEEE IEEE Int. Conf. AQTR, 2010, vol. 1, pp. 1-6.
35. H. R. Zeidanloo and A. A. Manaf, "Botnet command and control mechanisms," in Proc. IEEE 2nd Int. Conf. ICCEE, 2009, vol. 1, pp. 564-568.
36. T.-F. Yen and M. K. Reiter, "Traffic aggregation for malware detection," in Detection of Intrusions and Malware, and Vulnerability Assessment. Berlin, Germany: Springer-Verlag, 2008, pp. 207-227.
37. P. Bacher, T. Holz, M. Kotter, and G. Wicherski, "Know your enemy: Tracking botnets," The Honeynets Project, Ann Arbor, MI, USA, 2005.
38. R. Borgaonkar, "An analysis of the asprox botnet," in Proc. IEEE 4th Int. Conf. SECURWARE, 2010, pp. 148-153.
39. M. Khonji, Y. Iraqi, and A. Jones, "Phishing detection: A literature survey," IEEE Commun. Surveys Tuts., vol. 15, no. 4, pp. 2091-2121, 4th Quart. 2013.
40. K. Higgins, "New massive botnet twice the size of storm," in Retrieved May. San Francisco, CA, USA: Dark Reading, vol. 13, 2008.
41. L. Trolle Borup, "Peer-to-peer botnets: A case study on waledac," Ph.D. dissertation, Techn. Univ. Denmark, Denmark, DTU, DK-2800 Kgs. Lyngby, 2009.
42. J. Stewart, "Spam botnets to watch in 2009," Secure Works, Atlanta, GA, USA, 2009. [Online]. Available: http://www.secureworks.com/research/threats/botnets2009
43. M. Intelligence, "Annual security report," Symantec Corp., Atlanta, GA, USA, 2010.
44. S. Greengard, "The war against botnets," Commun. ACM, vol. 55, no. 2, pp. 16-18, Feb. 2012.
45. "Eggheads.org-eggdrop development," 1993. [Online]. Available: http://eggheads.org/
46. W. Shuai, C. Xiang, L. Peng, and L. Dan, "S-URL flux: A novel c&c protocol for mobile botnets," in Trustworthy Computing and Services. Berlin, Germany: Springer-Verlag, 2013, pp. 412-419.
47. M. La Polla, F. Martinelli, and D. Sgandurra, "A survey on security for mobile devices," IEEE Commun. Surveys Tuts., vol. 15, no. 1, pp. 446-471, 1st Quart. 2013.
48. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A survey of mobile malware in the wild," in Proc. 1st ACM Workshop Security Privacy Smartphones Mobile Devices, 2011, pp. 3-14.
49. C. Xiang, F. Binxing, Y. Lihua, L. Xiaoyi, and Z. Tianning, "Andbot: Towards advanced mobile botnets," in Proc. 4th USENIX Conf. Large-Scale Exploits Emergent Threats, USENIX Association, 2011, pp. 11-11.
50. M. Eslahi, R. Salleh, and N. B. Anuar, "Mobots: A new generation of botnets on mobile devices and networks," in Proc. IEEE ISCAIE, 2012, pp. 262-266.
51. H. Pieterse and M. S. Olivier, "Android botnets on the rise: Trends and characteristics," in Proc. IEEE ISSA, 2012, pp. 1-5.
52. F. Fiu, "MDK: The largest mobile botnet in china," 2013. [Online]. Available: http://www.symantec.com/connect/blogs/mdk-largestmobile-botnet-china
53. A. Freed, "Misosms malware sends your text messages to attackers," 2013. [Online]. Available: http://www.tripwire.com/state-of-security/top-security-\ignorespacesstories/misosms-malware-sends-textmessages-china/
54. Y. Zeng, K. G. Shin, and X. Hu, "Design of SMS commanded-andcontrolled and P2P-structured mobile botnets," in Proc. 5th ACM Conf. Security Privacy Wireless Mobile Netw., 2012, pp. 137-148.
55. M. Robinson, J. Mirkovic, M. Schnaider, S. Michel, and P. Reiher, "Challenges and principles of DDoS defense," in Proc. ACM SIGCOMM, 2003, pp. 1-8.
56. S. T. Zargar, J. Joshi, and D. Tipper, "A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks," IEEE Commun. Surveys Tuts., vol. 15, no. 4, pp. 2046-2069, 4th Quart. 2013.
57. J. Ioannidis and S. M. Bellovin, "Implementing pushback: Router-based defense against DDoS attacks," in Proc. Netw. Distrib. Syst. Security Symp., 2002, pp. 1-12.
58. J. Mirkovic and P. Reiher, "D-WARD: A source-end defense against flooding denial-of-service attacks," IEEE Trans. Depend. Secure Comput., vol. 2, no. 3, pp. 216-232, Jul.-Sep. 2005.
59. K. Park and H. Lee, "On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets," in Proc. ACM SIGCOMM Comput. Commun. Rev., 2001, vol. 31, no. 4, pp. 15-26.
60. A. T. Mizrak, S. Savage, and K. Marzullo, "Detecting compromised routers via packet forwarding behavior," IEEE Netw., vol. 22, no. 2, pp. 34-39, Mar./Apr. 2008.
61. P. Garcia-Teodoro, J. Diaz-Verdejo, G. Mació-Fernóndez, and E. Vózquez, "Anomaly-based network intrusion detection: Techniques, systems and challenges," Comput. Security, vol. 28, no. 1, pp. 18-28, Feb./Mar. 2009.
62. M. Thottan and C. Ji, "Anomaly detection in IP networks," IEEE Trans. Signal Process., vol. 51, no. 8, pp. 2191-2204, Aug. 2003.
63. W. Lee and S. J. Stolfo, "A framework for constructing features and models for intrusion detection systems," ACM TiSSEC, vol. 3, no. 4, pp. 227-261, Nov. 2000.
64. O. Depren, M. Topallar, E. Anarim, and M. K. Ciliz, "An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks," Expert Syst. Appl., vol. 29, no. 4, pp. 713-722, Nov. 2005.
65. P. Li, M. Salour, and X. Su, "A survey of internet worm detection and containment," IEEE Commun. Surveys Tuts., vol. 10, no. 1, pp. 20-35, 1st Quart. 2008.
66. A. Sperotto et al., "An overview of IP flow-based intrusion detection," IEEE Commun. Surveys Tuts., vol. 12, no. 3, pp. 343-356, 3rd Quart. 2010.
67. M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, "Network anomaly detection: Methods, systems and tools," IEEE Commun. Surveys Tuts., vol. 16, no. 1, pp. 303-336, 1st Quart. 2014.
68. K. Pelechrinis, M. Iliofotou, and S. V. Krishnamurthy, "Denial of service attacks in wireless networks: The case of jammers," IEEE Commun. Surveys Tuts., vol. 13, no. 2, pp. 245-257, 2nd Quart. 2011.
69. M. H. Bhuyan, H. J. Kashyap, D. K. Bhattacharyya, and J. K. Kalita, "Detecting distributed denial of service attacks: Methods, tools and future directions," The Comput. J., vol. 57, no. 4, pp. 537-556, 2013.
70. H. Chen, Y. Chen, and D. H. Summerville, "A survey on the application of FPGAS for network infrastructure security," IEEE Commun. Surveys Tuts., vol. 13, no. 4, pp. 541-561, 4th Quart. 2011.
71. L. Li, J. Zhou, and N. Xiao, "DDoS attack detection algorithms based on entropy computing," in Information and Communications Security. Berlin, Germany: Springer-Verlag, 2007, pp. 452-466.
72. L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, "Statistical approaches to DDoS attack detection and response," in Proc. IEEE DARPA Inf. Surv. Conf. Expo., 2003, vol. 1, pp. 303-314.
73. Z. Jian-Qi, F. Feng, Y. Ke-xin, and L. Yan-Heng, "Dynamic entropy based DoS attack detection method," Comput. Electr. Eng., vol. 39, no. 7, pp. 2243-2251, Oct. 2013.
74. S. Yu, W. Zhou, and R. Doss, "Information theory based detection against network behavior mimicking ddos attacks," IEEE Commun. Lett., vol. 12, no. 4, pp. 318-321, Apr. 2008.
75. S. Jin and D. S. Yeung, "A covariance analysis model for DDoS attack detection," in Proc. IEEE Int. Conf. Commun., 2004, vol. 4, pp. 1882-1886.
76. S. Yu et al., "Discriminating DDoS attacks from flash crowds using flow correlation coefficient," IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 6, pp. 1073-1080, Jun. 2012.
77. X. Yi and Y. Shunzheng, "Monitoring the application-layer DDoS attacks for popular websites," IEEE Trans. Netw., vol. 17, no. 1, pp. 15-25, Feb. 2009.
78. Y. Xie and S.-Z. Yu, "A large-scale hidden semi-markov model for anomaly detection on user browsing behaviors," IEEE Trans. Netw., vol. 17, no. 1, pp. 54-65, Feb. 2009.
79. J. Mirkovic, G. Prier, and P. Reiher, "Attacking DDoS at the source," in Proc. 10th IEEE Int. Conf. Netw. Protocols, 2002, pp. 312-321.
80. A. Akella, A. Bharambe, M. Reiter, and S. Seshan, "Detecting DDoS attacks on ISP networks," in Proc. 22nd ACM SIGMOD Workshop Manage. Process. Data Streams, Citeseer, 2003, pp. 1-3.
81. T. Peng, C. Leckie, and K. Ramamohanarao, "Proactively detecting distributed denial of service attacks using source IP address monitoring," in NETWORKING 2004. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications. Berlin, Germany: Springer-Verlag, 2004, pp. 771-782.
82. Y. Chen, K. Hwang, and W.-S. Ku, "Collaborative detection of DDoS attacks over multiple network domains," IEEE Trans. Parallel Distrib. Syst., vol. 18, no. 12, pp. 1649-1662, Dec. 2007.
83. G. Öke and G. Loukas, "A denial of service detector based on maximum likelihood detection and the random neural network," The Comput. J., vol. 50, no. 6, pp. 717-727, 2007.
84. C.-L. Chen, "A new detection method for distributed denial-of-service attack traffic based on statistical test," J. UCS, vol. 15, no. 2, pp. 488-504, 2009.
85. S. Yu, W. Zhou, R. Doss, and W. Jia, "Traceback of DDoS attacks using entropy variations," IEEE Trans. Parallel Distrib. Syst., vol. 22, no. 3, pp. 412-425, Mar. 2011.
86. M. S. Fallah and N. Kahani, "TDPF: A traceback-based distributed packet filter to mitigate spoofed DDoS attacks," Security Commun. Netw., vol. 7, no. 2, pp. 245-264, 2013.
87. C. M. Bishop, Pattern Recognition and Machine Learning. New York, NY, USA: Springer-Verlag, vol. 1, 2006.
88. T. T. Nguyen and G. Armitage, "A survey of techniques for internet traffic classification using machine learning," IEEE Commun. Surveys Tuts., vol. 10, no. 4, pp. 56-76, 4th Quart. 2008.
89. T. Shon and J. Moon, "A hybrid machine learning approach to network anomaly detection," Inf. Sci., vol. 177, no. 18, pp. 3799-3821, Sep. 2007.
90. R. Vijayasarathy, S. V. Raghavan, and B. Ravindran, "A system approach to network modeling for DDoS detection using a naìve bayesian classifier," in Proc. IEEE 3rd Int. Conf. COMSNETS, 2011, pp. 1-10.
91. S. R. Gaddam, V. V. Phoha, and K. S. Balagani, "K-means+ID3: A novel method for supervised anomaly detection by cascading K-means clustering and ID3 decision tree learning methods," IEEE Trans. Knowl. Data Eng., vol. 19, no. 3, pp. 345-354, Mar. 2007.
92. M.-Y. Su, "Real-time anomaly detection systems for denial-of-service attacks by weighted k-nearest-neighbor classifiers," Expert Syst. Appl., vol. 38, no. 4, pp. 3492-3498, Apr. 2011.
93. A. Ramamoorthi, T. Subbulakshmi, and S. M. Shalinie, "Real time detection and classification of DDoS attacks using enhanced SVM with string kernels," in Proc. IEEE ICRTIT, 2011, pp. 91-96.
94. S. N. Shiaeles, V. Katos, A. S. Karakos, and B. K. Papadopoulos, "Real time DDoS detection using fuzzy estimators," Comput. Security, vol. 31, no. 6, pp. 782-790, Sep. 2012.
95. J. Erman, A. Mahanti, M. Arlitt, I. Cohen, and C. Williamson, "Offline/realtime traffic classification using semi-supervised learning," Perform. Eval., vol. 64, no. 9, pp. 1194-1213, Oct. 2007.
96. J. Seo, C. Lee, T. Shon, K.-H. Cho, and J. Moon, "A new DDoS detection model using multiple SVMs and TRA," in Embedded and Ubiquitous Computing-EUC 2005 Workshops. Berlin, Germany: Springer-Verlag, 2005, pp. 976-985.
97. D. Gavrilis and E. Dermatas, "Real-time detection of distributed denialof-service attacks using RBF networks and statistical features," Comput. Netw., vol. 48, no. 2, pp. 235-245, Jun. 2005.
98. T. Shon, Y. Kim, C. Lee, and J. Moon, "A machine learning framework for network anomaly detection using SVM and GA," in Proc. IEEE 6th Annu. SMC IAW, 2005, pp. 176-183.
99. M. Ektefa, S. Memar, F. Sidi, and L. S. Affendey, "Intrusion detection using data mining techniques," in Proc. IEEE Int. Conf. Inf. Retrieval Knowl. Manage CAMP, 2010, pp. 200-203.
100. J. Erman, A. Mahanti, and M. Arlitt, "QRP05-4: Internet traffic identification using machine learning," in Proc. IEEE GLOBECOM, 2006, pp. 1-6.
101. L. E. Menten, A. Chen, and D. Stiliadis, "Nobot: Embedded malware detection for endpoint devices," Bell Labs Tech. J., vol. 16, no. 1, pp. 155-170, Jun. 2011.
102. J. Goebel and T. Holz, "Rishi: Identify bot contaminated hosts by IRC nickname evaluation," in Proc 1st Conf. 1st Workshop Hot Topics Understand. Botnets, Cambridge, MA, USA, 2007, pp. 8-8.
103. W. T. Strayer, D. Lapsely, R. Walsh, and C. Livadas, "Botnet detection based on network behavior," in Botnet Detection. Berlin, Germany: Springer-Verlag, 2008, pp. 1-24.
104. S. Yu, S. Guo, and I. Stojmenovic, "Can we beat legitimate cyber behavior mimicking attacks from botnets?" in Proc. IEEE INFOCOM, 2012, pp. 2851-2855.
105. Z. Zhu et al., "Botnet research survey," in Proc. IEEE 32nd Annu. Int. COMPSAC, 2008, pp. 967-972.
106. D. Watson and J. Riden, "The Honeynet Project: Data collection tools, infrastructure, archives and analysis," in Proc. IEEE WOMBAT Workshop Inf. Security Threats Data Collect. Sharing, 2008, pp. 24-30.
107. J. Ritter, "ngrep-network grep." [Online]. Available: http://packetfactory. openwall.net/projects/ngrep/index.html
108. V. Jacobson, C. Leres, and S. McCanne, "The tcpdump manual page," Lawrence Berkeley Lab., Berkeley, CA, USA, 1989.
109. E. Cooke, F. Jahanian, and D. McPherson, "The zombie roundup: Understanding, detecting, and disrupting botnets," in Proc. USENIX SRUTI Workshop, 2005, vol. 39, pp. 44-59.
110. H. Choi, H. Lee, H. Lee, and H. Kim, "Botnet detection by monitoring group activities in DNS traffic," in Proc. IEEE 7th Int. Conf. CIT, 2007, pp. 715-720.
111. A. Karasaridis, B. Rexroad, and D. Hoeflin, "Wide-scale botnet detection and characterization," in Proc. 1st Conf. 1st Workshop Hot Topics Understand. Botnets, Cambridge, MA, USA, 2007, vol. 7, p. 7.
112. P. Narang, J. M. Reddy, and C. Hota, "Feature selection for detection of peer-to-peer botnet traffic," in Proc. 6th ACM India Comput. Conv., 2013, p. 16.
113. D. Liu, Y. Li, Y. Hu, and Z. Liang, "A P2P-botnet detection model and algorithms based on network streams analysis," in Proc. IEEE Int. Conf. FITME, 2010, vol. 1, pp. 55-58.
114. M. Jelasity and V. Bilicki, "Towards automated detection of peer-to-peer botnets: On the limits of local approaches," in Proc. USENIX Workshop LEET, 2009, p. 3.
115. S. Nagaraja, P. Mittal, C.-Y. Hong, M. Caesar, and N. Borisov, "Botgrep: Finding P2P bots with structured graph analysis," in Proc. USENIX Security Symp., 2010, pp. 95-110.
116. W. Lu and A. A. Ghorbani, "Botnets detection based on IRCcommunity," in Proc. IEEE GLOBECOM, 2008, pp. 1-5.
117. X. Ma et al., "A novel IRC botnet detection method based on packet size sequence," in Proc. IEEE ICC, 2010, pp. 1-5.
118. C. Mazzariello, "IRC traffic analysis for botnet detection," in Proc. IEEE 4th Int. Conf. ISIAS, 2008, pp. 318-323.
119. J.-S. Lee, H. Jeong, J.-H. Park, M. Kim, and B.-N. Noh, "The activity analysis of malicious HTTP-based botnets using degree of periodic repeatability," in Proc. IEEE Int. Conf. SECTECH, 2008, pp. 83-86.
120. L. Bilge, D. Balzarotti, W. Robertson, E. Kirda, and C. Kruegel, "Disclosure: Detecting botnet command and control servers through large-scale netflow analysis," in Proc. 28th ACM Annu. Comput. Security Appl. Conf., 2012, pp. 129-138.
121. G. Gu, J. Zhang, and W. Lee, "Botsniffer: Detecting botnet command and control channels in network traffic," College Comput., Georgia Inst. Technol., Atlanta, GA, USA, 2008.
122. R. L. Allison and P. J. Marsico, " Methods and systems for preventing short message service (SMS) message flooding," U.S. Patent 7 145 875, Dec. 5, 2006.
123. S. Yadav, A. K. K. Reddy, A. Reddy, and S. Ranjan, "Detecting algorithmically generated malicious domain names," in Proc. 10th ACM SIGCOMM Conf. Internet Meas., 2010, pp. 48-61.
124. S. Schiavoni, F. Maggi, L. Cavallaro, and S. Zanero, "Phoenix: DGAbased botnet tracking and intelligence," in Detection of Intrusions and Malware, and Vulnerability Assessment. Berlin, Germany: Springer-Verlag, 2014, pp. 192-211.
125. A. Castelucio, A. Ziviani, and R. M. Salles, "An as-level overlay network for IP traceback," IEEE Netw., vol. 23, no. 1, pp. 36-41, Jan./Feb. 2009.
126. A. C. Snoeren et al., "Single-packet IP traceback," IEEE ToN, vol. 10, no. 6, pp. 721-734, Dec. 2002.
127. H. Burch and B. Cheswick, "Tracing anonymous packets to their approximate source," in LISA, 2000, pp. 319-327.
128. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical network support for IP traceback," ACM SIGCOMM Comput. Commun. Rev., vol. 30, no. 4, pp. 295-306, Oct. 2000.
129. M. T. Goodrich, "Efficient packet marking for large-scale IP traceback," in Proc. 9th ACM Conf. Comput. Commun. Security, 2002, pp. 117-126.
130. Y. Xiang, W. Zhou, and M. Guo, "Flexible deterministic packet marking: An IP traceback system to find the real source of attacks," IEEE Trans. Parallel Distrib. Syst., vol. 20, no. 4, pp. 567-580, Apr. 2009.
131. H. A. Alwis, R. C. Doss, P. S. Hewage, and M. U. Chowdhury, "Topology based packet marking for IP traceback," in Proc. ATNAC, Citeseer, 2006, pp. 224-228.
132. B. H. Bloom, "Space/time trade-offs in hash coding with allowable errors," Commun. ACM, vol. 13, no. 7, pp. 422-426, Jul. 1970.
133. A. Mishra, B. Gupta, and R. C. Joshi, "A comparative study of distributed denial of service attacks, intrusion tolerance and mitigation techniques," in Proc. IEEE EISIC, 2011, pp. 286-289.
134. L. Siqueira and Z. Abdelouahab, "A fault tolerance mechanism for network intrusion detection system based on intelligent agents (NIDIA)," in Proc. IEEE 4th Workshop SEUS 2nd Int. WCCIA, 2006, pp. 1-6.
135. F. Wang et al., "SITAR: A scalable intrusion-tolerant architecture for distributed services," in Proc. Workshop Inf. Assur. Security, 2003, vol. 1, p. 1100.
136. D. Arsenault, A. Sood, and Y. Huang, "Secure, resilient computing clusters: Self-cleansing intrusion tolerance with hardware enforced security (SCIT/HES)," in Proc. IEEE 2nd Int. Conf. ARES, 2007, pp. 343-350.
137. P. E. Veríssimo, N. F. Neves, and M. P. Correia, "Intrusion-tolerant architectures: Concepts and design," in Architecting Dependable Systems. Berlin, Germany: Springer-Verlag, 2003, pp. 3-36.
138. H. Johansen, A. Allavena, and R. Van Renesse, "Fireflies: Scalable support for intrusion-tolerant network overlays," ACM SIGOPS Oper. Syst. Rev., vol. 40, no. 4, pp. 3-13, Oct. 2006.
139. A. Siddiqui, D. Romascanu, E. Golovinsky, and R. Smith, "Real-time application quality of service monitoring (RAQMON) MIB," Internet Draft, Lincroft, NJ, USA, Tech. Rep., Oct. 2002.
140. B. Joshi, A. S. Vijayan, and B. K. Joshi, "Securing cloud computing environment against DDoS attacks," in Proc. IEEE ICCCI, 2012, pp. 1-5.
141. S. Khattak, N. Ramay, K. Khan, A. Syed, and S. Khayam, "A taxonomy of botnet behavior, detection, and defense," IEEE Commun. Surveys Tuts., vol. 16, no. 2, pp. 898-924, 2nd Quart. 2013.
142. S. Zhao et al., "Cloud-based push-styled mobile botnets: A case study of exploiting the cloud to device messaging service," in Proc. 28th ACM Annu. Comput. Security Appl. Conf., 2012, pp. 119-128.
143. K. Singh, S. C. Guntuku, A. Thakur, and C. Hota, "Big data analytics framework for peer-to-peer botnet detection using random forests," Inf. Sci., vol. 278, pp. 488-497, Sep. 2014.
144. W. Xia, Y. Wen, C. H. Foh, D. Niyato, and H. Xie, "A survey on software-defined networking," IEEE Commun. Surveys Tuts., vol. 17, no. 1, pp. 27-51, 1st Quart. 2014.
145. S. Lim, J. Ha, H. Kim, Y. Kim, and S. Yang, "A SDN-oriented DDoS blocking scheme for botnet-based attacks," in Proc. IEEE 6th ICUFN, 2014, pp. 63-68.