Bot Session Associated With Botnet Detection Method

Posted on: 2010-10-30
Degree: Master
Type: Thesis
Country: China
Candidate: Q Yan
GTID: 2208360275483106
Subject: Computer software and theory
Abstract/Summary:
With the rapid development and widespread application of computer network technology, and especially the worldwide spread of the Internet, computer and Internet technology is continuously being innovated and upgraded. Network infrastructure and resources have become increasingly important to governments, enterprises and individuals; they keep changing the traditional ways in which people live, work and study, and they bring new problems and challenges as well. As society becomes more information-based and more dependent on computer networks, keeping the information society running normally, safely and steadily is the most important issue, and computer network security is one part of it that must be continually strengthened and improved. As interconnected networks are applied more widely and become more open, more and more network systems are exposed to the threat of attacks and intrusions.

Botnets developed from automated intelligent programs. As worm technology matured, bots began to use active propagation techniques to build large-scale botnets. A botnet is a novel attack strategy evolved from traditional malware forms; it provides attackers with stealthy, flexible and efficient one-to-many command and control mechanisms, which can be used to order an army of zombies to achieve goals including information theft, launching distributed denial of service attacks, and sending spam. Botnets have entered an expansion phase and have become a serious threat to Internet security.

Research on botnets has begun only recently, and in most cases it has adopted traditional techniques. First, the computer virus is analyzed by reverse engineering to find its unique signature code; the virus is then dealt with using that code. But this technique has a major shortcoming. Because a bot has a very long latent period, the traditional technique is not very effective against bots. And as virus techniques have developed, many virus shell techniques have appeared. These new virus techniques make the traditional method of analyzing computer viruses very difficult to use.

Based on this research background and the project "the detection and destruction of P2P Botnet", this thesis intends to integrate network intrusion detection and data mining to detect botnets. The thesis first provides background on IDS. It then presents data mining and its applications in intrusion detection. By studying and analyzing botnets, it gives a botnet detection mechanism based on the communication and dialogue among bots. Finally, the thesis summarizes the full text, analyzing the problems of the thesis and the development direction of the related techniques.
Keywords/Search Tags: intrusion detection, data mining, bot, botnet, neural network