
Research And Design Of Botnet Detection System

Posted on: 2012-09-08
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Zuo
Full Text: PDF
GTID: 2178330332469575
Subject: Information security
Abstract/Summary:
With the rapid development and wide application of computer network technology, cyber-crime has increased dramatically, exposing more and more users and enterprises to the threat of attacks and intrusions. The main reason for this phenomenon is the emergence of botnets. A botnet provides attackers with a stealthy, flexible and efficient one-to-many command and control mechanism, which can be used to order a large number of zombie hosts to achieve goals including information theft, launching distributed denial of service attacks, and sending spam. Botnets are the core strength of cyber-crime. Zombie hosts are entering a period of rapid development and have posed a serious threat to Internet security.

Research on botnets has only begun recently, and in most cases detection relies on a single traffic-based method, which cannot accurately locate the controller or eradicate the botnet at its root. Such a method usually cannot detect a botnet in a timely and accurate way until the botnet has already launched an attack or a large number of zombies have spread.

In view of the above, the main innovations of this paper are: a system that can inspect and clean botnets was designed; five new methods of detecting botnets were proposed; and the various detection methods were combined with a statistical method to perform detection. Specifically, the primary work of this paper includes:

1. Summarized the definition, composition, topology, operating principle and transmission mode of botnets; analyzed the traditional detection methods; and briefly described the development trend of botnets.

2. By analyzing the characteristics of botnets, this paper designed a new botnet inspection system. The system can inspect botnets, filter botnet traffic, and provide specific anti-bot software to help users whose computers were attacked by bot programs remove the malware.

3. Since detecting botnets in massive data is always the emphasis and difficulty of this research, this paper introduced four new methods to detect botnets on the basis of abnormal traffic: the virtual machine automatic analysis method, the IRC detection method, the DNS detection method, and the botnet communication behavior tracking method. According to the detection algorithm, the system can inspect the establishment, control and attack phases of a botnet. Once a botnet is detected, the filtering and anti-virus modules of the system designed in this paper can further control its spread and harm. The detection system is flexible enough to integrate many existing detection techniques and provide effective and efficient botnet inspection, with better timeliness, a lower false positive rate, a lower false negative rate, and higher efficiency.

4. This paper conducted a laboratory test and an actual network test of the detection system. The test results were analyzed, and the functionality and performance of the detection system were verified. According to the test results, the system's functionality and performance are qualified. Higher accuracy, better timeliness, stricter detection and lower system overhead are the strengths of the system designed in this paper.
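As an added illustration of the combined, statistically weighted detection the abstract describes (example code written for this page, not the thesis's own system), the following Python scores hosts by two of the named methods, IRC beaconing regularity and DNS failure rate, over constructed flow and DNS log lines; the IRC port list, weights and thresholds are assumed values.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Constructed sample logs (not from the thesis). Flow: "<sec> <src> <dst> <dport>"; DNS: "<src> <qname> <rcode>".
FLOW_LOG = """\
0 10.0.0.5 203.0.113.9 6667
60 10.0.0.5 203.0.113.9 6667
120 10.0.0.5 203.0.113.9 6667
180 10.0.0.5 203.0.113.9 6667
0 10.0.0.7 198.51.100.2 443
"""
DNS_LOG = """\
10.0.0.5 a1b2c3.example NXDOMAIN
10.0.0.5 q9z8w7.example NXDOMAIN
10.0.0.5 k7j6h5.example NXDOMAIN
10.0.0.5 update.example NOERROR
10.0.0.7 www.example NOERROR
10.0.0.7 mail.example NOERROR
10.0.0.7 ntp.example NOERROR
"""
IRC_PORTS = {6667, 6668, 6669, 7000}  # assumed IRC command-and-control ports
def irc_beacon_score(flow_log, min_conns=3, max_cv=0.2):
    """Per host: 1.0 for regular beaconing to one IRC-port server, 0.5 for irregular repeats."""
    times = defaultdict(list)
    for line in flow_log.splitlines():
        ts, src, dst, dport = line.split()
        if int(dport) in IRC_PORTS:
            times[(src, dst)].append(int(ts))
    scores = {}
    for (src, _), ts in times.items():
        if len(ts) >= min_conns:
            gaps = [b - a for a, b in zip(ts, ts[1:])]
            cv = pstdev(gaps) / mean(gaps) if mean(gaps) else 1.0  # coefficient of variation
            scores[src] = max(scores.get(src, 0.0), 1.0 if cv <= max_cv else 0.5)
    return scores
def dns_failure_score(dns_log, min_queries=3):
    """Per host: share of queries answered NXDOMAIN (bots probing for C&C domains fail often)."""
    total, failed = defaultdict(int), defaultdict(int)
    for line in dns_log.splitlines():
        src, _, rcode = line.split()
        total[src] += 1
        failed[src] += rcode == "NXDOMAIN"  # bool counts as 0 or 1
    return {h: failed[h] / total[h] for h in total if total[h] >= min_queries}
def combined_scores(flow_log, dns_log, w_irc=0.6, w_dns=0.4):
    """Weighted sum of the per-method scores, so one weak signal alone does not flag a host."""
    irc, dns = irc_beacon_score(flow_log), dns_failure_score(dns_log)
    return {h: round(w_irc * irc.get(h, 0.0) + w_dns * dns.get(h, 0.0), 3) for h in set(irc) | set(dns)}
def flagged_hosts(flow_log, dns_log, threshold=0.5):
    """Hosts whose combined score crosses the threshold; candidates for the traffic filter module."""
    return sorted(h for h, s in combined_scores(flow_log, dns_log).items() if s >= threshold)
```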
Keywords/Search Tags: Botnet, Detection System, Abnormal Traffic, Detection Methods, Traffic Filter