
Botnet Detection And Prevention System

Posted on: 2012-11-10
Degree: Master
Type: Thesis
Country: China
Candidate: X H Xu
GTID: 2218330371452498
Subject: Software engineering

Abstract/Summary:
Botnets (malicious bot networks) have become one of the most serious international concerns among network security threats. As the Internet has spread worldwide and high-speed IP network technology has developed, scientific and technical progress has benefited mankind while also posing new threats. Using botnets, an attacker can crash entire application-based information networks or important systems, cause large-scale leaks of secrets or personal privacy, carry out illegal and criminal activities such as network fraud, and even threaten national security. At present this threat has still not been effectively controlled on a global scale. Although countries around the world have taken legal and technical measures to prevent it, they face increasing technical challenges and are caught in a "the more they are fought, the stronger they become" dilemma.

This work addresses the detection of netbot Trojans and the analysis of their ways and means of transmission, and provides technical support for blocking them. The "Botnet Detection and Prevention System" developed here can be deployed at aggregation-layer nodes of the Internet and even of metropolitan area networks. It accesses the network via optical splitting or port mirroring to capture network data, then effectively triages and filters that data. The lower-level data is intelligently analyzed according to appropriate rules to discover botnet domain names and botnet behavioral characteristics. Based on the anomalies discovered, botnet blocking techniques are applied to protect computers within the monitored scope from botnet attack.

The sub-topic "Large-Flow Data Capture and Session Blocking Solutions" primarily studies hardware-programmable capture and filtering of 20 Gbps Internet traffic. Using 8200G devices, we capture large-flow data at 20 Gbps without loss. Packet interception based on five-tuple rules over IP and TCP discards a large amount of useless data.

At the same time, the valid data remaining after filtering is distributed to different devices, which reduces the large volume of data that the server level must bear and increases the effective utilization of the data. We also reconstruct and analyze the underlying DNS protocol data to monitor suspicious botnet domain names and, based on the system's analysis, identify suspicious botnet behavior. For connections that a botnet attempts to establish or has established, technical measures such as suspicious domain name redirection and TCP session hijacking are used to cut off the botnet connection, achieving the goal of botnet monitoring and prevention.
Keywords/Search Tags: Network Security, Botnet, Monitoring, Prevention