Botnet is platform which can carry out DDOS, spamming, phishing and other attacks. As a result, it become one of the greatest threats to network security and the most hottest topic among network security researchers.In this paper, the threat of botnet and the related works which have been done by other researcher are introduced firstly. And then the basic concepts, the lifetime of botnet and the classification of detection methods of botnet have been introduced briefly. After that, this paper make the focus on the botnet detection methods based on DNS traffic.Through a long time of analyzing the characteristics of botnet DNS queries, a Fast-flux botnet detection method based on weighted SVM has been proposed. By comparing with the linear classification method proposed by Thorsten Holz, it shows that our method can reduce false negative obviously. Furthermore, several enhancement botnet detection methods have been proposed. By using the botnet merging algorithm, we can find that some irrelevant domains or IP of botnet are belong to the same botnet actually. Botnet detection method based on domains which have IP address can detect botnet based on different protocols. For the newly appeared botnet using DNS TXT query in communication, a botnet detection method based on DNS TXT query has been proposed. Experiments show that these botnet enhancement detection methods can improve the botnet detection. |