As the damage that botnets inflict on the Internet grows ever heavier, botnet detection has become a hot topic in network security research. There are basically two kinds of botnet detection methods. The earlier approach is mainly host-based, which is simple and quick, but it can often detect only known botnets and is not strong enough against unknown ones. Today the main approach is network-based detection, which monitors changes in the behavior and signatures of botnets in network traffic in real time. By analyzing such changes, botnets can be detected.

This paper presents a botnet detection system based on network behavior analysis. The system exploits the characteristic that botnets have command and control channels. By analyzing the network behavior of botnets and using a response-command-based method for extracting network behavior detection signatures, we design a network behavior detection signature structure for botnets that combines anomaly detection with signature detection, and ultimately extract the traffic signatures and command signatures that are used to build the detection method. Finally, based on the Bro intrusion detection system, we design a botnet detection model that uses network behavior analysis, implement the detection scripts, test the model, and analyze its detection capability against a single bot.