Botnets have increasingly become tools for a myriad of cybercriminal activities, including phishing, distribution of malware, cryptojacking, distributed denial of service (DDoS) attacks, click fraud, and much more. A botnet represents a logical group of internet-connected machines, including computers, mobile devices, or IoT devices, known as bots, whose security has been compromised by the “bot herder”, the individual controlling the botnet and directing the activities of all of its comprising bots via a remote command and control (C&C) server.
During the past few years, the identification of botnets has represented an essential part of cybercrime analysis and prevention research. A recently published paper presents an analysis of research papers related to various techniques of botnet detection. The paper analyzes 194 papers that focus on the identification of botnets during the period between 2009 and 2018. The papers analyzed were retrieved from the ISI Web of Science database.
Research on botnet identification techniques:
The past few years have witnessed multiple research approaches to botnet identification techniques. Research studies have been conducted on the basis of the different characteristics of botnets, including their sizes, target platforms, and communication protocols (P2P, IRC, HTTP, etc.). These research approaches have offered cybersecurity professionals a myriad of resources, including packet capturing and network tracing tools that can be utilized in the identification and mitigation of botnet attacks. Nevertheless, despite the fact that these techniques have aided in the prevention of multiple attack forms, more and more research is being carried out as the number of botnet attacks continues to rise, especially those originating from IoT devices.
Research on botnets serves as a special domain for the investigation and analysis of botnet characteristics in order to develop new techniques to prevent, identify, and mitigate botnet attacks. Within this context, it is worth emphasizing that the results obtained from research conducted in this sector are valuable, as can be seen, for instance, in research involving detection of botnets via big data analytics, or in research involving machine learning models that identify a botnet across a network with dynamic adaptation. However, despite the large number of articles published in this domain, according to the authors of the paper we are reviewing, a bibliometric article that discusses the research trends and implications of such investigations does not yet exist.
Bibliometric approaches develop bibliographic overviews of academic research, or of selections of scientific publications commonly cited in books, theses, patents, conference papers, and journal articles, in order to produce a quantitative analysis of published materials written on a given subject. Such an approach has the potential to identify emergent and the most influential research fields, in addition to following research trends over extended durations within many sectors.
Assessment of botnet identification research practices:
The paper utilized bibliometric analysis in order to investigate botnet identification techniques throughout the period between 2009 and 2018, which enabled the authors to unmask global tendencies associated with the bibliographic production of botnet identification approaches. The investigation relied on seven criteria for the analysis: productivity, authors, institutions, research areas, keyword frequency, highly cited articles, and impact journals. These criteria led to the conclusion that Asia was associated with the largest number of published articles investigating botnets, followed by North America, where the United States in particular accounted for a very large share of published articles.
The research sector under which most articles discussing botnet identification are published is Computer Science and Engineering, with the most cited works also coming mainly from Asia and North America. Moreover, most institutions that have directed research efforts towards investigating botnets are located in North America, Asia, and Europe. For the first two continents, the majority of authors come from the US and China respectively. Malaysia and India are also among the most active countries in publishing botnet-related articles.
When the impact factor is considered, the largest number of publications is associated with the journals IEEE Communications Surveys and Tutorials, IEEE Transactions on Cybernetics, and IEEE Transactions on Information Forensics and Security. It is worth highlighting that the publication venue is pivotal in determining whether or not a newly published research study will be extensively cited. It is also to be noted that the publication year influences the impact of a paper, as the earlier a paper is published, the more commonly it is cited.
Lastly, the analysis of keyword frequency concluded that the most frequently used keywords and title terms are “botnet detection” and “method”. These two keywords are consistently used by authors when writing papers and have a direct impact on outlining the trends and future research directions in the field of botnet detection.