
Botnet Anomaly Detection

Posted on: 2012-11-05    Degree: Master    Type: Thesis
Country: China    Candidate: X Zhao    Full Text: PDF
GTID: 2178330335460491    Subject: Signal and Information Processing
Abstract/Summary:
Botnets are sophisticated platforms for large-scale attacks, composed of many compromised computers remotely controlled by an attacker. The fundamental difference between botnets and traditional malware (such as Trojans and worms) is that the attacker manipulates the zombies through a one-to-many C&C (command and control) channel to launch malicious activities such as DDoS attacks, phishing and spamming. Botnets are among the threats that currently receive the most attention in the international network security community.

The thesis first introduces the definition of a botnet and related concepts, analyzes the different types of botnet command and control mechanisms, and summarizes bot propagation models and botnet detection methods. On the basis of this analysis it examines the working mechanisms of common IRC, HTTP and P2P botnets, studies the source code of IRC bots in depth and extracts their features. To study the working principles of botnets more closely, a botnet experimental environment is built, a variety of botnet control tools based on proprietary protocols are tested, the network traffic of bot activity is collected and flow features are extracted from it, and a comprehensive analysis of the ShangXing remote control tool is given.

To detect botnets effectively, a botnet detection system is designed and implemented following the design principles of an existing botnet detection system, BotHunter. It is built on Snort by adding the relevant preprocessor modules and an associated analyzer module. The system was preliminarily tested in offline mode, and the results show that it can effectively detect bot activities.
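The BotHunter design principle the abstract refers to is dialog correlation: Snort-level alerts are not reported one by one but are grouped per internal host into the stages of an infection dialog (inbound scan, inbound exploit, egg download, C&C communication, outbound scan), and the host is declared infected only when enough of those stages are seen together within a time window. The following analyzer, written for this page as an illustration and not taken from the thesis or from BotHunter, shows that principle over Snort `alert_fast`-style lines. The rule messages, SIDs, monitored subnet, correlation window and the alert lines themselves are all constructed assumptions; a real deployment would map its own rule set to the dialog classes.

```python
"""BotHunter-style dialog correlation over Snort fast-format alerts.

Added illustrative example, not code from the thesis or from BotHunter.
Rule messages, SIDs, HOME_NET, the window and the alerts are constructed."""
import ipaddress
import re
from collections import defaultdict

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed monitored subnet
WINDOW_SECONDS = 600                                # assumed correlation window

# BotHunter's published infection-dialog model: five event classes observed
# around one internal host. The rule-message-to-class mapping is assumed here.
DIALOG_CLASS = {
    "INBOUND SCAN": "E1",        # inbound scan of the host
    "INBOUND EXPLOIT": "E2",     # inbound exploit against the host
    "EGG DOWNLOAD": "E3",        # host fetches the bot binary
    "CNC COMMUNICATION": "E4",   # host talks to the C&C server
    "OUTBOUND SCAN": "E5",       # host scans or attacks others
}
OUTBOUND_CLASSES = {"E3", "E4", "E5"}

# alert_fast line: ts [**] [gid:sid:rev] msg [**] ... {proto} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.+?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+"
)


def _seconds(ts):
    """alert_fast timestamps carry no year; turn MM/DD-HH:MM:SS.us into a
    monotonic second count that is good enough for windowing within one capture."""
    date, clock = ts.split("-")
    month, day = (int(x) for x in date.split("/"))
    hour, minute, sec = clock.split(":")
    return ((month * 31 + day) * 24 + int(hour)) * 3600 + int(minute) * 60 + float(sec)


def parse_alert(line):
    """Return dict(t, cls, src, dst) for an alert that maps to a dialog class, else None."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    cls = DIALOG_CLASS.get(m.group("msg"))
    if cls is None:
        return None
    return {"t": _seconds(m.group("ts")), "cls": cls,
            "src": m.group("src"), "dst": m.group("dst")}


def monitored_host(src, dst, cls):
    """The HOME_NET endpoint the evidence is about: the victim for inbound events
    (E1/E2), the initiating host for E3/E4/E5; None when neither side is internal."""
    src_in = ipaddress.ip_address(src) in HOME_NET
    dst_in = ipaddress.ip_address(dst) in HOME_NET
    if src_in and dst_in:
        return src if cls in OUTBOUND_CLASSES else dst
    return dst if dst_in else (src if src_in else None)


def meets_declaration_rule(events, window=WINDOW_SECONDS):
    """BotHunter's declaration rule applied to any window-long span: an inbound
    exploit (E2) plus at least one outbound class, or at least two distinct
    outbound classes (E3/E4/E5). A scan alone (E1) never declares an infection."""
    events = sorted(events)
    for i, (t0, _) in enumerate(events):
        seen = {c for t, c in events[i:] if t - t0 <= window}
        outbound = seen & OUTBOUND_CLASSES
        if ("E2" in seen and outbound) or len(outbound) >= 2:
            return True
    return False


def correlate(alert_text, window=WINDOW_SECONDS):
    """Return {host: sorted classes observed} for every host declared infected."""
    per_host = defaultdict(list)
    for line in alert_text.splitlines():
        a = parse_alert(line)
        if a is None:
            continue
        host = monitored_host(a["src"], a["dst"], a["cls"])
        if host is not None:
            per_host[host].append((a["t"], a["cls"]))
    return {h: sorted({c for _, c in ev})
            for h, ev in per_host.items() if meets_declaration_rule(ev, window)}


# Constructed sample alerts (not real capture data). Host .10 walks the full
# dialog, .11 is only scanned, .12 only scans out, .13 shows two outbound
# classes without an observed exploit, .14 has E2 and E4 too far apart.
SAMPLE_ALERTS = """\
06/15-10:00:05.000000  [**] [1:9000001:1] INBOUND SCAN [**] [Priority: 3] {TCP} 203.0.113.7:51234 -> 192.168.1.10:445
06/15-10:00:09.000000  [**] [1:9000002:1] INBOUND EXPLOIT [**] [Priority: 1] {TCP} 203.0.113.7:51240 -> 192.168.1.10:445
06/15-10:00:31.000000  [**] [1:9000003:1] EGG DOWNLOAD [**] [Priority: 1] {TCP} 192.168.1.10:1042 -> 198.51.100.9:80
06/15-10:01:10.000000  [**] [1:9000004:1] CNC COMMUNICATION [**] [Priority: 1] {TCP} 192.168.1.10:1043 -> 198.51.100.20:6667
06/15-10:03:00.000000  [**] [1:9000001:1] INBOUND SCAN [**] [Priority: 3] {TCP} 203.0.113.8:40000 -> 192.168.1.11:445
06/15-11:30:00.000000  [**] [1:9000005:1] OUTBOUND SCAN [**] [Priority: 2] {TCP} 192.168.1.12:3001 -> 198.51.100.40:445
06/15-12:00:00.000000  [**] [1:9000004:1] CNC COMMUNICATION [**] [Priority: 1] {TCP} 192.168.1.13:1050 -> 198.51.100.20:6667
06/15-12:04:00.000000  [**] [1:9000003:1] EGG DOWNLOAD [**] [Priority: 1] {TCP} 192.168.1.13:1051 -> 198.51.100.9:80
06/15-13:00:00.000000  [**] [1:9000002:1] INBOUND EXPLOIT [**] [Priority: 1] {TCP} 203.0.113.9:6000 -> 192.168.1.14:445
06/15-14:00:00.000000  [**] [1:9000004:1] CNC COMMUNICATION [**] [Priority: 1] {TCP} 192.168.1.14:1060 -> 198.51.100.20:6667
"""

if __name__ == "__main__":
    for host, classes in sorted(correlate(SAMPLE_ALERTS).items()):
        print(f"{host}: infected, dialog evidence {classes}")
```

Run against the constructed alerts, only 192.168.1.10 and 192.168.1.13 are declared infected: the scanned-only and scanning-only hosts produce no declaration, and the exploit seen against .14 is not tied to its later C&C traffic because the two fall outside the window. In an offline test like the one the abstract describes, the window and the class mapping are the two knobs that decide the balance between missed bots and false declarations; the mapping in particular is where the thesis's own IRC, HTTP and P2P traffic features would plug in, as Snort rules or preprocessor output that emit the E-class alerts.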
Keywords/Search Tags: botnet, network behavior, feature analysis, anomaly detection, Snort