In the era of the Internet of Things, botnet threats are rising, which has prompted many studies on botnet detection and measurement. In contrast, NIST’s study aims to predict botnet attacks, such as massive spam emails and distributed denial-of-service attacks.
To that end, this empirical study presents a prediction method for botnet attacks. The method uses measurements of command-and-control (C2) activity and automated labeling that associates C2 with attacks. The method was evaluated using a large-scale, real-world, and long-term dataset. NIST’s aim is to contribute to the development of further countermeasures against botnets and to internet security.