
Research Of Detecting System For Charged Computers Of Campus Network

Posted on: 2012-02-24
Degree: Master
Type: Thesis
Country: China
Candidate: L Fu
Full Text: PDF
GTID: 2218330338468787
Subject: Computer application technology
Abstract/Summary:
A campus network is an important piece of modern infrastructure that provides an advanced, reliable, safe, and fast computer network environment for teaching, research, management, and service, so its security is essential. As networking continues to develop in breadth and depth and networks become increasingly open, more and more networks face the threat of attacks and intrusions. A charged computer is a puppet computer that has been infected by viruses, trojans, and worms and attacked by a hacker. It not only leaks personal information but can also be used by someone else to do something illegal. Botnets have become an especially popular means of control in recent years: the controller can centrally control hundreds of hosts to carry out information theft, distributed denial-of-service attacks, and spam sending, which poses a great threat to the network. In this paper, the object of study is the botnet. We study in depth the control principles of botnets based on IRC and P2P. Botnet detection takes two approaches: one is based on network flow and the other is based on hosts. The method in this paper is based on network flow. This paper gives a detection method for IRC botnets based on the k-means algorithm. At the same time, we study a detection method for P2P bots based on session stability, and mainly study the effect of IP data rates on the false negative rate and false alarm rate. In the course of these methods, the AC multi-pattern matching algorithm is applied to the protocol recognition process, with a focus on P2P protocol identification. Finally, we complete a system for detecting bots in the campus network. The detection system can detect bots that use these two protocols.
Keywords/Search Tags: network security, botnet, IRC, P2P, k-means algorithm, AC multi-pattern matching algorithm