
Research On Techniques Of Botnet Detecting Based On BP Neural Networks

Posted on: 2015-05-14
Degree: Master
Type: Thesis
Country: China
Candidate: K Zhang
Full Text: PDF
GTID: 2308330473952984
Subject: Computer application technology

Abstract/Summary:
Botnets combine the techniques of computer viruses, worms, Trojan horses and other malicious software, and they are developing quickly. They use a variety of network protocols to improve their command and control mechanisms, use cryptography to encrypt communications, and use distortion and rootkit technology to protect themselves. As a result, traditional detection methods, such as signature-based, network-protocol-based and cyber-attack-based detection, face more and more difficulties.

This thesis studies the history, function modules, life cycles, and command and control mechanisms of botnets. Existing botnet detection techniques are studied according to the point in time at which they intervene, and the principles and applications of artificial neural networks are analyzed, along with the characteristics of botnet traffic. On this basis, a botnet detection method based on a BP neural network is proposed. Because the method depends only on characteristics of the network packet headers, it can detect botnets that encrypt their traffic; because the classifier targets the botnet's command and control traffic, it can detect hibernating botnets. The trained neural network can also check a newly arrived flow quickly.

The BP-neural-network-based detection method consists of data collection and data analysis. It first captures network traffic and extracts features, then passes the features to the neural network classifier, which learns rules for distinguishing botnet traffic from background traffic. Following this method, the thesis gives a detailed design of a prototype system, describes how network traffic features are captured and how the neural network is designed and implemented, and presents the important data structures and key routines as process flowcharts and pseudo-code.

To verify the method, the thesis builds a test network environment for detecting the Zeus 1.2.4.2 botnet and captures network traffic data. The resulting data packets, data flows and traffic features are presented. The feature samples are then used to train and test the neural network, achieving a good detection rate and false alarm rate. The botnet detection method based on neural networks proposed in this thesis is therefore effective.
Keywords/Search Tags: Botnet, Traffic Feature, BP Neural Networks