
Research On Detecting Of Botnet Based On Behavior Feature

Posted on: 2012-09-28
Degree: Master
Type: Thesis
Country: China
Candidate: S L Xie
GTID: 2218330362456576
Subject: Information security
Abstract/Summary:
With the rapid development of the Internet, people's work and life have become easier, while network security problems have become more serious. A botnet is a well-designed and mature technology that has been applied in illegal activities such as sending advertisements, spam and DDoS attacks. A botnet is composed of many controlled computers that receive their controllers' instructions and execute them. In this way, controllers can not only hide themselves but also use those captive computers to attack victims. It is therefore important to study botnet detection.

This paper describes the malicious actions of botnets in detail and extracts six typical attributes that characterize botnet behavior. Based on Snort, we implemented six plugins that produce six types of primary alerts, and we detect botnets through correlation analysis of those alerts.

Correlation analysis of the primary alerts can only detect known botnets, so we present a novel method for detecting unknown botnets by calculating the behavior similarity and time similarity of all captive computers.

We developed a botnet detection system based on the detection methods described above and ran some bots in a real network. The results show that these methods are rather effective.
Keywords/Search Tags: network security, botnet, behavior feature, similarity