Study And Realize On IRC Based Network Flow Detection Model

Posted on: 2010-01-28
Degree: Master
Type: Thesis
Country: China
Candidate: Q H Xiang
Full Text: PDF
GTID: 2178360275974447
Subject: Computer software and theory
Abstract/Summary:
The IRC (Internet Relay Chat) protocol is an Internet-based communication protocol. It was invented in 1998 by Jarkko Oikarinen and uses a client/server (C/S) architecture. Recently, more and more people (abroad) chat online through IRC. Because bots are built on IRC, more and more vulnerable hosts have been infected with bots and have become part of a controlled network called a botnet. A botnet is a network controlled by a botmaster. Because of the particular nature of botnets, their destructive power must be taken seriously; the damage they cause is no less than that of any other threat to the network. A botmaster controls a large number of bot-infected hosts and directs them to carry out acts of sabotage through bot commands. At present, the main uses are launching DDoS attacks, sending large volumes of spam, damaging IRC chat networks, and stealing sensitive information.

Based on the architecture and characteristics of the IRC protocol and the mechanism of IRC-based botnets, this thesis selects a bot specimen (mIRCStorm) and focuses on research into botnet detection methods. The most important results of the thesis are:

① Introducing the IRC protocol, including its modules, the message relay mechanism between the modules, the IRC channel management mechanism, and the server and client protocols.
② Analyzing the definition and classification of IRC-based botnets, with emphasis on their architecture and principles.
③ Constructing a simulation experiment environment, simulating the bot infection process in that environment, and analyzing IRC-based detection methods.
④ Proposing a flow detection method for IRC-protocol-based botnets, derived from the IRC protocol architecture and its communication characteristics, analyzing the feasibility of the method, and comparing it with other methods.
⑤ Choosing a bot specimen (mIRCStorm) and implementing the proposed method; testing the method in a LAN simulation environment, establishing a test scheme and targets, and validating the feasibility of the method.

Essentially, the proposed method is a detection module based on flow detection. The test results in the simulation environment validate the feasibility of the method. The proposed method can serve as a reference for detecting other IRC-based botnet architectures, such as Agobot and GTbot, and its results can be traced to the source, providing a direct framework for active recovery.
Keywords/Search Tags:Bot, Botnet, Command and Control, IRC, DDoS