**2.1 Centralized Botnet**

IRC-based Botnet: In the early days of the Internet, the earliest centralized Botnets were mainly IRC-based Botnets, which mainly used IRC services to communicate between C&C servers and Bots (**Figure 1(a)**). This type of Botnet has a simple structure and adopts the known plaintext protocol [11]. Through the monitoring of activity cycle of the Botnet (such as ports and messages), the characteristics can be clearly identified, and these data flow can be easily filtered out in the


**29**

**Figure 1.**

*Three types of Botnet structure.*

Botnets currently use the HTTP protocol.

*Threats from Botnets*

*DOI: http://dx.doi.org/10.5772/intechopen.88927*

network defense. This type of Botnet has a little impact because of its small scale. However, due to its simple operating mechanism and strong operability, it is deeply used by hackers. With the current development of Botnet, many hackers still use it. HTTP-based Botnet: Due to the easy identification of messages of IRC-based Botnet, the HTTP-based Botnet arose. This type of Botnet could hide itself well by adopting HTTP protocol. Since the communication protocols between devices on the Internet are mainly HTTP protocol, HTTP messages in the information transmission of HTTP Botnet can be mixed with normal messages, making it difficult to filter directly through the router rules (ACL), which greatly improves the survival ability of Botnet and makes it more concealable. It is known that the HTTP-based Botnet is more complex and diverse than IRC-based Botnet. Rustock, Zeus, Torpig, etc. encrypt the content of the communication, and Conficker and Torpig also adopt a technique named "domain-flux" to increase the difficulty of blocking their control servers [12]. In addition, a small number of Botnets, such as Naz, also directly use popular social networking sites (such as Facebook, QQ space, etc.) as control servers, increasing the difficulty of detection and blocking [13]. Most

Custom protocol Botnet: Some Botnets use custom protocols for communication. The known Botnets of this type include Mega D, Mariposa, etc. Since Mega D
