The evolving threat landscape of botnets: Comprehensive analysis of detection techniques in the age of artificial intelligence

Botnets represent a significant and evolving cybersecurity threat, leveraging networks of compromised devices for various malicious activities, including data exfiltration (e.g., Truebot malware), credential theft, and distributed denial-of-service (DDoS) attacks. heir increasing sophistication includes advanced evasion techniques such as domain generation algorithms (DGAs), encrypted command-and-control (C&C) channels, and peer-to-peer (P2P) architectures. These innovations pose substantial challenges to conventional detection systems. Existing surveys typically examine isolated detection methodologies or specific datasets, failing to address comprehensively the broader landscape, especially regarding adversarial manipulation of machine learning (ML) and artificial intelligence (AI) feature sets. To address this critical gap, this survey introduces the first systematic adversarial-aware analysis of botnet detection strategies. It specifically evaluates how adversaries exploit ML/AI feature manipulation, such as through noise injection and feature perturbation, to evade detection, a perspective that has not been quantitatively addressed in prior literature. A core contribution is our explicit benchmarking of detection model robustness across four quantitative metrics, faithfulness, monotonicity, sensitivity, and complexity, providing novel insights into the resilience of state-of-the-art models under adversarial conditions. Additionally, we highlight persistent practical challenges including limited dataset diversity and dependence on high-quality labeled data, and propose potential mitigation approaches such as synthetic data generation, federated and semi-supervised learning, and lightweight detection architectures tailored for resource-constrained IoT deployments. Finally, we outline key future research directions emphasizing standardized robustness evaluation frameworks, explainable AI to enhance interpretability and trust, and privacy-preserving collaborative data-sharing mechanisms. By integrating this adversarial-aware perspective with a comprehensive and practical evaluation framework, this work contributes to the field’s understanding of botnet detection and supports the design of more robust and resilient cybersecurity solutions through insights relevant to both researchers and practitioners.