| Botnet is the most popular means of network attack at the present, it can provide more flexible and efficient control for the attacker, so it has become one of the most serious security threat to Internet. The attackers can easily control lots of hosts on the Internet with Botnet and distribute denial of service attacks, send spam and steal sensitive information from the controlled host to seek economic benefits.In the view of the situation, detecting the botnet accurately from amount of information is more and more important, so how to find botnet in the massive network is the key problem.This paper gives the way to apply the decision tree algorithm on the detection based on the existing research results,on the theory, by trying with a small amount of data, the accuracy is acceptable,however, because the data information in the network is huge and complicated, we decide to use support vector machine as classification methods. The process is made up of three parts. One is to manipulate data, the second is to train detection model and the last one is to detect the accuracy with the trained model. Finally, because neutral network is a good method applied by classification, we make the experiment with neutral network for comparing. We use the accuracy and the error rate to observe the feasibility of the method.To verify the method, this paper gets data from the Internet into the information database and downloads the virus program to simulate the botnet in laboratory, finally put the traffic data in the database randomly to make it more close to the real environment. After get the data, we use them to training data and test data. The next is to create and train SVM model. In this paper, we choose the SVM based RBF kernel function, after that we use training data to train the model for the specified model. When the model is trained, we use the test data to detect the mode, and the error rate show that, the method based on SVM can efficiently, accurately detect the existence of the botnet. |
PDF Full Text Request