| Recent years, DDoS, spam, worm spread, information theft and other malicious activities cased by Botnet has become an important thread that not only leads to huge economic losses, but also makes the network security to face a server test.Botnet is a large computer network constructed by controlled computers which is more and more difficult to detect from the IRC Botnet to the DNS Botnet. Although significant research technology for the detection of Botnet, the existing detection technology rarely use API function calls to monitor the behavior of bot and artificial immune system algorithm is not used to fusion the data from different sources in immune system.As a result, the main contents of this paper are followed:1. The origin of the Botnet, classification and its hazards, as well as major Botnet detection methods are researched, and the shortcomings and deficiencies of the various types of detection technologies are also analyzed.2. The function of dendritic cells in the human immune system are analyzed from the view of biological mechanism, dendritic cells Algorithm and Deterministic Dendritic Cell Algorithm are introduced.3. The behavior of the bot is researched and analyzed, the mapping between the intercepted data and DCA input signal is completed with an API Hook tool to intercept the system calls that bot calls. By analyzing the behavioral characteristics of the DCA algorithm dendritic cells, data from different sources are fashioned and interrelated to realize the detection of Bot with a new exception indicator MCAV, and experiment show that the fusion capabilities of DCA applied to the detection of Bot is feasible and effective using the MCAV rather than MAC. Finally, the result is influenced by changing the weight matrix and the next step is how to select a suitable weight matrix as well as an appropriate exception threshold. |
PDF Full Text Request