
The Design And Implementation Of Collaborative Botnet Detection System Based On The Flow

Posted on: 2016-02-05
Degree: Master
Type: Thesis
Country: China
Candidate: X X Cao
Full Text: PDF
GTID: 2298330467493111
Subject: Computer technology
Abstract/Summary:
The rapid development of technology has brought rapid innovation in computer technology; the computer is now widely used in people’s daily life and has gradually become an essential item. However, the continuous development of technology brings not only a positive impact but also trouble from some malicious computer users, who attack others, pry into their private data, and profit from that private information. These attacks pose serious threats to the information security of individuals, groups, and even countries.

With the development of information security technology in recent years, network security systems can already detect and intercept most kinds of network intrusion. But the botnet, a special kind of intrusion, has remained a difficult problem for security experts. To address this, this paper proposes a flow-based, distributed, collaborative botnet intrusion detection system. It introduces a distributed collaborative mechanism into the traditional botnet intrusion detection system, making intrusion detection more efficient and more comprehensive than before.

The main contents of this paper are as follows:

1) The principles, detection methods, and flow characteristics of botnets were researched. The main contents cover the functional structure of the botnet, its classification and several control methods, and several of its major attack methods. In addition, this paper researched some detection methods and analyzed and compared their advantages. Then the flow characteristics of botnets were researched.

2) The mechanisms for distributed collaboration were researched. This paper also analyzed their feasibility when applied to the botnet intrusion detection system, compared them with other deployments, and highlighted the advantages.

3) Based on the conclusions of this research, the paper designed a collaborative botnet intrusion detection system. The design contains three parts: the flow-based botnet detection system, the distributed collaborative system, and the botnet signatures. The first part is the detection subsystem of the whole system, which serves as a node of the distributed system; its management module, detection module, and processing module were also designed. The distributed collaborative system part completes the detailed design of the main control center of the whole system, with its management and collaborative analysis modules. The design of the botnet signatures focuses primarily on obtaining and updating botnet features.

4) This paper implemented the real system and tested it in an actual network. Compared with earlier detection systems, it would be more efficient. In the actual network test it reached the expected results, and its functionality and performance were also good.
Keywords/Search Tags:Botnet, Distributed Collaborative, Detection System, Flow Signature