
Research On Botnet Dynamically Detecting Platform Based On Network Traffic

Posted on: 2014-05-23
Degree: Master
Type: Thesis
Country: China
Candidate: S P Cheng
GTID: 2268330425456494
Subject: Computer software and theory
Abstract/Summary:
A botnet is a group of controlled computers secretly built by exploiting computer vulnerabilities and social engineering. It can be used for scanning, denial-of-service attacks, spam and phishing scams, all on a large scale. With the development of computer communication and network technology, botnets have become more robust across their controlled hosts, and their command-and-control communication systems have become more powerful and covert. This makes botnet detection more difficult, and the problem is being watched closely.

First, we introduce the development of botnets and analyze the characteristics of each type of botnet. For this study we define a botnet as a group of networked computers that produce similar communication flows and response flow behavior. We summarize the existing botnet detection mechanisms and methods both at home and abroad, and analyze the advantages and disadvantages of each kind of detection method.

Secondly, to better study botnet detection, we study the propagation model of botnets. We consider the influencing factors which the Internet has two normal in existing botnet propagation models, and construct a new botnet propagation model. By comparing the simulation results with other communication models, we provide forecast information on the process by which botnet infections spread.

Then, existing botnet detection systems have problems such as low detection accuracy and low efficiency. We propose a dynamic botnet detection model based on network traffic, improve the traditional detection framework, and design the network deployment diagram of the detection platform. Each detection point communicates with the others and carries out comprehensive inspection, so as to improve the accuracy of the detection results.

Finally, to test the effectiveness of the research work, we implement a prototype system of the detection platform and set up a test environment in which a botnet attacks a real network. We capture the network traffic within the network and analyze the data with the prototype system to complete the testing of the platform. The experimental results are analyzed, and the platform's effectiveness is verified.
Keywords/Search Tags:Botnet, Network traffic, Dynamic, Detection platform, Characteristic