
Study On Technology Of P2P Botnet Detection

Posted on: 2016-05-14
Degree: Master
Type: Thesis
Country: China
Candidate: J M Li
Full Text: PDF
GTID: 2348330536467252
Subject: Information and Communication Engineering
Abstract/Summary:
Botnets have become one of the biggest security threats on today's Internet, and the P2P botnet is a new generation of mainstream botnet that has emerged with the rise and development of P2P technology. As a new means of network attack, P2P botnets are stable, reliable, secure and well hidden, and they pose a more serious challenge to network security. At the same time, research on many aspects of them, including construction, tracking, measurement, detection and prevention, is actively under way. Among these, P2P botnet detection has become a research hotspot and a difficult problem in the field of network security. In this thesis, we study P2P botnet detection based on traffic analysis, and design, implement and validate a detection system. The main work is as follows:

1. Analyzing domestic and foreign research on P2P botnet detection techniques and its existing problems and, building on a study of basic P2P technology and botnet-related theory and technology, adopting a method based on traffic analysis to detect P2P botnets.

2. Proposing a hybrid identification method for P2P protocols. Based on an analysis of current P2P protocol identification technology, we present a hybrid identification method that combines a content-based characteristic pattern matching algorithm, screening algorithms on four flow features, and reference filtering on port characteristics.

3. Proposing a P2P botnet detection method based on the support vector machine (SVM) algorithm. By analyzing the traffic characteristics of P2P botnets, we extract four features of each data flow (packets per second, bytes per second, bytes per packet, and the number of packets per flow) and train an SVM classifier to classify P2P botnets.

4. Designing, implementing and validating a P2P botnet detection system, the CAID system. The system consists of four modules: capture, analysis, identification and detection.

Experiments showed that the proposed P2P protocol identification method identifies P2P protocol traffic well, with a correct identification rate of 98%, and that the proposed SVM-based detection method detects P2P botnets well, with a correct detection rate of 94.81%.
Keywords/Search Tags:Botnet, Protocol Identification, Detection System, P2P, Traffic Analysis, SVM
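The four per-flow features named in item 3 can be computed from captured packets as in the following added example, which is not code from the thesis. The packet tuple layout, the direction-independent flow key, the reading of the fourth feature as packets per flow, and the choice to report zero rates for single-packet flows are assumptions; the sample packets are constructed.

```python
from collections import defaultdict

# Constructed sample packets (not real traffic):
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, length_bytes)
PACKETS = [
    (0.00, "10.0.0.5", 40000, "198.51.100.7", 6881, "udp", 120),
    (0.50, "198.51.100.7", 6881, "10.0.0.5", 40000, "udp", 80),
    (2.00, "10.0.0.5", 40000, "198.51.100.7", 6881, "udp", 100),
    (1.00, "10.0.0.9", 51000, "203.0.113.4", 443, "tcp", 1500),
    (1.25, "10.0.0.9", 51000, "203.0.113.4", 443, "tcp", 1500),
    (3.00, "10.0.0.8", 33000, "192.0.2.1", 53, "udp", 60),  # single-packet flow
]


def flow_key(pkt):
    """Direction-independent 5-tuple, so both directions map to one flow."""
    _, sip, sport, dip, dport, proto, _ = pkt
    a, b = sorted([(sip, sport), (dip, dport)])
    return (a, b, proto)


def flow_features(packets):
    """Return {flow_key: (pkts_per_s, bytes_per_s, bytes_per_pkt, pkt_count)}."""
    flows = defaultdict(list)
    for pkt in packets:
        flows[flow_key(pkt)].append(pkt)

    features = {}
    for key, pkts in flows.items():
        times = [p[0] for p in pkts]
        total_bytes = sum(p[6] for p in pkts)
        count = len(pkts)
        duration = max(times) - min(times)
        if duration > 0:
            pps, bps = count / duration, total_bytes / duration
        else:
            # A single packet (or identical timestamps) has no measurable
            # rate; report 0.0 rather than dividing by zero (assumption).
            pps, bps = 0.0, 0.0
        features[key] = (pps, bps, total_bytes / count, count)
    return features


if __name__ == "__main__":
    for key, vec in flow_features(PACKETS).items():
        print(key, vec)
```

Each resulting tuple is one feature vector of the kind an SVM classifier would be trained on; scaling the features to comparable ranges before training is usual, since bytes per second and packet count differ by orders of magnitude.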