Low-interaction Malware Capture Technology Research

Posted on: 2009-03-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Jiang
GTID: 2208360272458789
Subject: Computer application technology
Abstract/Summary:
Network threats are making nations and enterprises increasingly worried, and ensuring network security has become a goal shared all over the world. Attacks launched by hackers are now profit-driven and more complicated: they target personal computers and web applications, mainly for economic gain. The botnet is one of the attackers' favorite methods. A botnet is controlled by a remote host compromised by the attacker, and that remote host in turn controls a large number of other compromised computers. Because of its vastness, the botnet has become a serious threat to network security. Recently discovered botnets are better hidden and more powerful, can spread and update automatically, and many variants have emerged.

This article first explains what bots and botnets are, and then analyzes honeypots and honeynets, which are used to collect malware. It then discusses the traditional malware collection method and its advantages and disadvantages, on the basis of which it puts forward a new malware collection method. The improvements include optimization of the vulnerable module, combination of the vulnerable module with the dialog emulation module, and modification of the session comparison technique. The new method solves the problem of many services binding to one port, and it can capture new exploits in time and without much delay.

This article also describes an experimental platform on which the two capturing methods compete. The experimental results show that the new method is better than the old method at capturing new malware that attacks a certain service.

Keywords/Search Tags: denial of service attack, distributed denial of service attack, botnet, bot, honeypot, honeynet