
Research And Implementation Of Botnet Detection System Based On Correlation Analysis

Posted on: 2016-05-22
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhang
Full Text: PDF
GTID: 2308330503476714
Subject: Computer application technology
Abstract/Summary:

A botnet is a network composed of bots, which the botmaster controls through a Command & Control server to carry out DDoS attacks, send spam, steal information, and so on. Many approaches have been proposed to detect botnets, from early signature-based detection to later detection based on traffic behavior and statistics. To date, however, no detection method has been proposed that can detect all kinds of botnets. Different detection methods detect different botnets and cannot perform correlation analysis with other kinds of botnet detection. In addition, there are limitations in the information communication and storage mechanisms between modules on different platforms.

In this paper, we propose a botnet detection system based on correlation analysis, which applies service-oriented architecture to the design and development of the botnet detection system. The system integrates two different botnet detection methods to expand the scope of botnet detection. We use service-oriented architecture to design the system so that it can be deployed on different network nodes and the tight coupling between modules is eliminated. We also use an object-oriented approach to design the system's message mechanism, which allows the detection system to communicate across different platforms and operating systems.

This paper designs and implements a botnet detection system based on correlation analysis. It contains three main parts:

(1) Use service-oriented architecture to analyze and model the botnet detection system based on correlation analysis. We analyze the required function modules and integrate the two different botnet detection systems, which achieves loose coupling between modules and allows them to be deployed flexibly on different network nodes.

(2) Analyze the limitations of the content and structure of messages in the botnet detection system, and design a unified message format for it, providing message transmission support for distributed deployment of the botnet detection system.

(3) A comparison experiment between XML messages and text messages shows that using the XML message format has little effect on the performance of botnet detection.
Keywords/Search Tags: Network Security, Botnet detection, Service oriented, Command and Control