Research On Detection Technology And Propagation Model Of P2P Botnet

With the rapid development of computer technology, computer networks are used widely in people’s work and lives of popularization and application. Meanwhile, network security has become more and more prominent.Currently, botnet become one of the most serious of Internet threats. Botnets controllers control a large number of hosts to attack multiple target vectors, such as distributed denial of service(DDoS) attacks, email spam, steal information from the zombie host. More and more security researchers of security field have focus the problem of botnets.In recent years, with the development of P2 P botnets technology, this P2 P zombie networks is a non-centralized network control model, compared with the traditional botnet command and control which relies on the central node the distribution botnets of P2 P is more hidden and more survivability. Several key analysis problem on P2 P botnet such as P2 P botnets function, flow characteristics and measuring technology. The work and contributions of this paper include the following:(1) Proposed P2 P botnet detection method based on deep belief networks. Research on the difference of flow features between P2 P zombie network and normal network.The advantages and disadvantages of past detection algorithm has been aslo analysised seriously. In this paper,a P2 P zombie network detection method based on deep belief network,which based on artificial neural network theory,was proposed. The real flow sample of P2 P zombie network and normal flow been used to train deep belief network classifier. The experimental results show that, compared with traditional methods, the detection method based on deep belief networks with high recognition rate.(2) Proposed a P2 P botnet propagation model based on SEIR(susceptible, exposed, infected, recovered) epidemic model. Considering the zombie takes a certain amount of time to enable defense measures. The delay? reflect the time of network nodes take defensive measures to a normal host.A SEIR model with delay ? was proposed and analyze the local stability of the equilibrium point.Theoretical analysis and numerical simulation results indicate that the dynamics of the model depends on time delays ?. This model is consistent with propagation characteristics of zombie processes in complex networks, which conducive to analysis behavior of P2 P botnet and design more effective countermeasures.