Research On Botnet Traffic Detection Based On Spatial-temporal Correlation Analysis

Posted on: 2013-01-18 | Degree: Master | Type: Thesis
Country: China | Candidate: L Hu
GTID: 2218330371457667 | Subject: Information security
Abstract/Summary:
Malware has become the most powerful tool used by network attackers, who control and maintain entire networks through botnets under the control of network criminals. Attackers use these botnets to propagate bots and to direct zombies to carry out various kinds of illegal activity. Botnets have become one of the greatest threats to network security.

This thesis first introduces the definition of a botnet and related concepts, and studies botnet structure, functions and working mechanisms. It then analyzes and summarizes three common kinds of botnet detection algorithm. Building on that analysis, it studies the spatial-temporal correlation in bot responses (message response and activity response). Based on this characteristic, it proposes a botnet detection technique based on spatial-temporal correlation. Finally, it designs and implements a botnet detection system based on that technique. The detection system extracts traffic signatures from network packets instead of performing deep analysis of full-payload data, and it can effectively identify malicious flows and encrypted flows. The experimental results show that this detection technique satisfies the requirements of a lower false positive rate and a lower false negative rate.
Keywords/Search Tags: Malware, Botnet, Bot, Spatial-temporal correlation