
Research And Implementation Of Fast-flux Botnet Traffic Detection Technology Based On Spatiotemporal Features

Posted on: 2021-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: T Y Jiang
GTID: 2428330623968510
Subject: Engineering

Abstract/Summary:
With the rapid application and development of network technology, the security of the network environment faces increasingly severe challenges, and botnets are one of the threats to network security. With the rapid development of smartphones and the Internet of Things, the scope of botnet victims is also expanding. To extend their own life cycle, botnets keep improving their covert technologies, and Fast-flux is one of them. This technology uses a large number of IP addresses to conceal the mothership, and traditional detection methods have difficulty dealing with Fast-flux botnets. As a result, a Fast-flux botnet is harder to find, and it can cause severe harm and loss to all aspects of society.

Current Fast-flux botnet detection methods fall mainly into two types: active detection and passive detection. The former causes large network fluctuations during detection. The latter is often combined with artificial intelligence algorithms and is the current mainstream detection method. However, it faces the problem of tedious and complex feature extraction. Most of these detection methods focus only on the characteristics of a single dimension of the Fast-flux botnet, so they cannot fully mine the characteristics of the data.

To detect Fast-flux botnets effectively and solve the problems in the existing detection methods, this paper proposes a Fast-flux botnet detection technology based on spatiotemporal features. By combining the DenseNet model, a Convolutional Neural Network (CNN), with the bidirectional long short-term memory (BiLSTM) model, a Recurrent Neural Network (RNN), it detects the Fast-flux botnet in both the spatial and temporal dimensions, and it does not require manual extraction of special values. In addition, to apply the detection method to more scenarios, this paper uses a knowledge distillation method to train a lightweight deep learning network. This allows the detection method to be applied in environments with limited equipment conditions. This paper also designs a prototype system that can perform Fast-flux botnet detection in high-bandwidth scenarios, according to the application requirements of actual networks.

Finally, this paper tests the detection method on a data set composed of traffic from the CTU-13 and ISOT public data sets, and compares it with four other detection methods. The experimental results show that the proposed detection method has improved accuracy and precision compared to the other four detection methods, with a detection accuracy rate of 98.3% and an accuracy of 97.5%. The lightweight model after knowledge distillation also has a better detection effect than the original model. This paper also conducts practical scenario application tests on the designed prototype detection system. The test results indicate that the system can meet the detection requirements in a high-bandwidth environment and achieve efficient detection of Fast-flux botnet traffic.
Keywords/Search Tags: Fast-flux botnet, CNN, RNN, Knowledge Distillation