A Hands-on Approach on Botnets for Behavior Exploration

João Pedro Dias, José Pedro Pinto, José Magalhães Cruz


A botnet consists of a network of computers that run a special software that allows a third-party to remotely control them. This characteristic presents a major issue regarding security in the Internet. Although common malicious software infect the network with almost immediate visible consequences, there are cases where that software acts stealthy without direct visible effects on the host machine. This is the normal case of botnets. However, not always the bot software is created and used for illicit purposes. There is a need for further exploring the concepts behind botnets and network security. For this purpose, this paper presents and discusses an educational tool that consists of an open-source botnet software kit with built-in functionalities. The tool enables anyone with some computer technical knowledge, to experiment and find out how botnets work and can be changed and adapted to a variety of useful applications, such as introducing and exemplifying security and distributed systems’ concepts.


  1. Abraham, S. and Chengalur-Smith, I. (2010). An overview of social engineering malware: Trends, tactics, and implications. Technology in Society, 32(3):183 - 196.
  2. Anderson, D. P., Cobb, J., Korpela, E., Lebofsky, M., and Werthimer, D. (2002). Seti@home: An experiment in public-resource computing. Commun. ACM, 45(11):56- 61.
  3. Barford, P. and Yegneswaran, V. (2007). An Inside Look at Botnets, pages 171-191. Springer US, Boston, MA.
  4. Bächer, P., Holz, T., K ötter, M., and Wicherski, G. (2005). Know your enemy: Tracking botnets.
  5. Bertino, E. and Islam, N. (2017). Botnets and internet of things security. Computer, 50(2):76-79.
  6. Choi, H., Lee, H., Lee, H., and Kim, H. (2007). Botnet detection by monitoring group activities in dns traffic. In 7th IEEE International Conference on Computer and Information Technology (CIT 2007), pages 715- 720.
  7. Cole, A., Mellor, M., and Noyes, D. (2007). Botnets: The rise of the machines. In Proceedings on the 6th Annual Security Conference, pages 1-14.
  8. Cooke, E., Jahanian, F., and McPherson, D. (2005). The zombie roundup: Understanding, detecting, and disrupting botnets. SRUTI, 5:6-6.
  9. Dittrich, D. and Dietrich, S. (2008). P2p as botnet command and control: A deeper insight. In 2008 3rd International Conference on Malicious and Unwanted Software (MALWARE), pages 41-48.
  10. DSLReports.com (2009). What is a botnet trojan? Feily, M., Shahrestani, A., and Ramadass, S. (2009). A survey of botnet and botnet detection. In 2009 Third International Conference on Emerging Security Information, Systems and Technologies, pages 268-273.
  11. Foundation, P. S. (2015). Python programming language.
  12. Grizzard, J. B., Sharma, V., Nunnery, C., Kang, B. B., and Dagon, D. (2007). Peer-to-peer botnets: Overview and case study. HotBots, 7:1-1.
  13. Gu, G., Perdisci, R., Zhang, J., Lee, W., et al. (2008a). Botminer: Clustering analysis of network traffic for protocoland structure-independent botnet detection. In USENIX Security Symposium, volume 5, pages 139-154.
  14. Gu, G., Zhang, J., and Lee, W. (2008b). Botsniffer: Detecting botnet command and control channels in network traffic.
  15. Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and Jones, L. (1928). Socks protocol version 5.
  16. Li, C., Jiang, W., and Zou, X. (2009a). Botnet: Survey and case study. In 2009 Fourth International Conference Li, C., Jiang, W., and Zou, X. (2009b). Botnet: Survey and case study. In innovative computing, information and control (icicic), 2009 fourth international conference on, pages 1184-1187. IEEE.
  17. Mirkovic, J. and Reiher, P. (2004). A taxonomy of ddos attack and ddos defense mechanisms. SIGCOMM Comput. Commun. Rev., 34(2):39-53.
  18. Ollmann, G. (2009). Botnet communication topologies - understanding the intricacies of botnet command-andcontrol.
  19. Rataj, M. (2014). Simulation of Botnet C&C Channels. PhD thesis, Ph. D Dissertation, Faculty of Electrical Engineering-Department of Computer Science and Engineering, Czech Technical University in Prague.
  20. R.L. Rivest, A. S. and Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems.
  21. Room, S. I. R. (2003). Bots & botnet: An overview.
  22. Seenivasan, D. and Shanthi, K. (2014). Categories of botnet: a survey. Int. J. Comput. Control Quantum Inf. Eng, 8(9):1589-1592.
  23. Sharma, S., Garg, S., Karodiya, A., and Gupta, H. (2016). Distributed denial of service attack. 4.
  24. Tanwar, G. S. and Goar, V. (2014). Tools, techniques & analysis of botnet. In Proceedings of the 2014 International Conference on Information and Communication Technology for Competitive Strategies, ICTCS 7814, pages 92:1-92:5, New York, NY, USA. ACM.
  25. Team, I.-H. D. (2015). Ircd-hybrid.
  26. Wyke, J. (2012). The zeroaccess botnet: Mining and fraud for massive financial gain. Sophos Technical Paper.

Paper Citation

in Harvard Style

Dias J., Pinto J. and Cruz J. (2017). A Hands-on Approach on Botnets for Behavior Exploration . In Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: WICSPIT, ISBN 978-989-758-245-5, pages 463-469. DOI: 10.5220/0006392404630469

in Bibtex Style

author={João Pedro Dias and José Pedro Pinto and José Magalhães Cruz},
title={A Hands-on Approach on Botnets for Behavior Exploration},
booktitle={Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: WICSPIT,},

in EndNote Style

JO - Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: WICSPIT,
TI - A Hands-on Approach on Botnets for Behavior Exploration
SN - 978-989-758-245-5
AU - Dias J.
AU - Pinto J.
AU - Cruz J.
PY - 2017
SP - 463
EP - 469
DO - 10.5220/0006392404630469