
Botnet Analytics for Cybersecurity of SCADA System and Critical National Infrastructure in Nigeria

Mission Franklin

Abstract


Supervisory Control and Data Acquisition (SCADA) systems constitute the backbone of Critical National Infrastructure (CNI), supporting essential services such as electric power generation and distribution, water treatment, oil and gas operations, and transportation systems. As Nigeria accelerates the digitization and interconnection of its industrial control systems to improve efficiency and operational visibility, these environments have become increasingly exposed to sophisticated cyber threats. Among the most significant of these threats are botnet-driven attacks, which exploit legacy protocols, weak authentication mechanisms, and limited security monitoring capabilities typical of many SCADA deployments. This study presents a comprehensive analysis of botnet activities targeting SCADA systems within the context of Nigeria’s critical infrastructure. It examines the architecture, command-and-control mechanisms, propagation techniques, and attack objectives of modern botnets that pose risks to industrial control environments. Using a combination of simulated SCADA network environments and empirical analysis of publicly available global botnet datasets, the research identifies prevalent attack vectors, traffic patterns, and system vulnerabilities relevant to Nigerian CNI. Particular attention is given to distributed denial-of-service (DDoS) attacks, reconnaissance and lateral movement behaviours, and malware-driven manipulation of control commands. Building on these findings, the paper proposes a context-aware botnet analytics framework tailored to SCADA systems in developing economies. The framework integrates machine learning–based traffic classification, anomaly detection techniques, and external threat intelligence feeds to enable early detection of botnet activity and support timely mitigation. 
By emphasizing low-latency monitoring, explainability, and adaptability to resource-constrained environments, the proposed approach addresses both technical and institutional challenges faced by Nigerian infrastructure operators. The study contributes to cybersecurity research by providing empirical insights into botnet threats against SCADA systems and by offering a practical detection and mitigation framework aligned with Nigeria’s critical infrastructure realities. The findings are intended to inform policymakers, infrastructure operators, and cybersecurity practitioners, while also supporting the development of more resilient and proactive cyber defense strategies for national infrastructure protection.



