| A botnet is a network formed when an attacker uses one or more propagation channels to infect a large number of hosts with bot programs, creating a one-to-many control relationship between the controller and the infected hosts. Attackers spread bots across the Internet through various channels and infect a large number of hosts, and the infected hosts receive the attacker's instructions over a control channel, forming a botnet. The most common botnets are based on the IRC protocol. Botnets are entering a period of rapid development and pose a serious threat to Internet security. The harm caused to the Chinese mainland is particularly serious, yet botnet detection is still incomplete, and there is no unified and effective approach to identifying and detecting botnets. Given the technical features botnets present and their development trend, strengthening research on botnets and coordinating the anti-virus industry and emergency response departments in an effective countermeasure system will be important measures for curbing their rapid growth. This work takes the unusual nicknames in the botnet communication mechanism as its starting point: the author built a prototype system that can detect botnets carried over the IRC communication protocol, laying the technical groundwork for the future deployment of a passive botnet detection system on the backbone network. The prototype is modeled on an algorithm similar to that of the Rishi system, migrated to C++, and combines regular expressions with Rishi's script to find botnet hosts from the perspective of unusual nicknames. Real-time monitoring of a backbone network channel showed that botnet hosts within the monitored network can be detected promptly. The prototype implementation of this IRC-based botnet detection system will help improve the accuracy and efficiency of botnet detection against new types of botnet command and control mechanisms. |
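
The nickname-based check described above, as an added C++ example (not the prototype's or Rishi's own code): it extracts nicknames from IRC NICK messages and scores them with regular expressions. The patterns, weights, threshold of 10, function names and sample traffic are assumptions made for illustration.

```cpp
#include <cctype>
#include <regex>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

// Extract the nickname from an IRC NICK message (RFC 1459 syntax), with or
// without a leading ":prefix". Returns "" for every other message type.
std::string extract_nick(const std::string& line) {
    static const std::regex nick_re(R"(^(?::\S+ +)?NICK +:?(\S+)\s*$)",
                                    std::regex::icase);
    std::smatch m;
    return std::regex_match(line, m, nick_re) ? m[1].str() : std::string();
}

// Score a nickname; higher is more bot-like. Patterns and weights are assumed.
int score_nick(const std::string& nick) {
    static const std::vector<std::pair<std::regex, int>> rules = {
        {std::regex(R"([0-9]{4,})"), 5},                      // long digit run
        {std::regex(R"(^(\[[A-Z]{2,3}\]|[A-Z]{2,3}\|))"), 4},  // "USA|" or "[DEU]" tag
    };
    int score = 0;
    for (const auto& r : rules)
        if (std::regex_search(nick, r.first)) score += r.second;
    for (unsigned char c : nick)
        if (!std::isalnum(c)) ++score;                        // 1 per special char
    return score;
}

struct Alert { std::string nick; int score; };
// Scan raw IRC payload text; report nicknames at or above the threshold.
std::vector<Alert> scan(const std::string& capture, int threshold = 10) {
    std::vector<Alert> alerts;
    std::istringstream in(capture);
    for (std::string line; std::getline(in, line);) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        const std::string nick = extract_nick(line);
        if (nick.empty()) continue;                           // not a NICK message
        const int s = score_nick(nick);
        if (s >= threshold) alerts.push_back({nick, s});
    }
    return alerts;
}

// Constructed sample traffic, not taken from a real capture.
const std::string kSample =
    "NICK alice\r\n"
    ":alice!a@host.example NICK :bob_1999\r\n"
    "PRIVMSG #chat :NICK USA|00012348\r\n"
    "NICK USA|00012348\r\n"
    "NICK [DEU]XP-7781234\r\n";
```

The `bob_1999` line shows why a single pattern hit stays below the threshold: an ordinary nickname containing a year scores 6 and is not reported.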