With the continuous development of computer network technology and information technology, the Internet has entered all walks of life, profoundly affecting traditional production methods and social lifestyles, and spawning a large number of new products and applications. Emerging technologies represented by mobile Internet, cloud computing, edge computing, the Internet of Things, and Industry 4.0 bring convenience to people, but also bring severe security challenges. In recent years, network security incidents have occurred frequently, and incidents such as ransomware, sensitive information leakage and distributed denial of service have emerged one after another. Using botnets to launch large-scale attacks is a common means for network attackers. The existence of botnets has brought great harm to people's production and life and has seriously hindered social progress. Therefore, research on botnet detection technology is of great significance.

At present, botnet detection technology can be divided into rule-based detection, machine learning detection and deep learning detection. Rule-based detection cannot identify unknown botnets. Detection based on machine learning needs manual feature design and extraction, and its detection results are uncertain. Detection based on deep learning can address the shortcomings of the above two methods, but current approaches still have problems such as few feature dimensions, low accuracy and a high false alarm rate. In view of these problems, this thesis proposes a botnet detection method based on deep learning, and designs and implements a botnet detection system. The work of this paper is summarized as follows:

(1) A botnet detection algorithm based on deep learning, CNN-GRU, is proposed. The algorithm extracts spatio-temporal characteristics at the network flow level and then detects botnet traffic. To address the problems that traditional machine learning detection algorithms rely on artificially designed features and that the extracted features have a single dimension, this thesis proposes a parallel neural network detection model, which uses two kinds of neural networks to automatically extract the spatio-temporal features of network flows from the original network traffic, and fuses those features to increase the diversity of network flow features and improve detection accuracy. Compared with other mainstream botnet detection methods based on deep learning (such as LSTM), this algorithm adopts a GRU network with a simpler structure, which can effectively solve the problem of the long training time of LSTM networks. Finally, performance evaluation indexes such as accuracy, recall, missing rate and F1 score are selected, the effects of picture size, the selected number of data packets and data packet length on model performance are explored on the ISCX-2014 dataset, and the performance is compared with current research results. Experiments show that the accuracy of the proposed algorithm exceeds or equals that of existing detection methods based on deep learning, while reducing the false alarm rate, improving the F1 score, and further shortening training and testing time.

(2) Based on the proposed botnet detection algorithm, this thesis designs and implements a botnet detection system, and introduces the functional requirements, architecture design, module design and implementation of the system in detail. The system includes five modules: data acquisition, data preprocessing, botnet detection, visualization and user management.

(3) This thesis builds a botnet test environment and analyzes the usability of the basic functions of the system by designing test cases. Tests show that the system can detect botnet traffic well and can show statistical information related to the geographical distribution of botnet nodes and the detection results, which improves awareness of the botnet security situation to a certain extent.
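One way to turn a raw flow into the two inputs a parallel CNN and GRU model consumes, given as an added example that is not the thesis's own code. The abstract does not describe its preprocessing, so the function names, the 8-packet, 32-byte and 16x16 settings, and the sample flow are all assumptions.

```python
# Added illustration: build a temporal view (packet sequence, for a GRU branch)
# and a spatial view (grayscale image, for a CNN branch) from the same raw bytes.
# All parameter values are assumed; they correspond to the knobs the abstract
# says were explored (picture size, number of packets, packet length).
N_PACKETS = 8    # packets kept per flow (assumed)
PKT_LEN = 32     # bytes kept per packet (assumed)
IMG_SIDE = 16    # image side; IMG_SIDE**2 must equal N_PACKETS * PKT_LEN

def fix_length(payload: bytes, length: int) -> bytes:
    """Truncate or zero-pad one packet to exactly `length` bytes."""
    return payload[:length].ljust(length, b"\x00")

def flow_to_sequence(packets, n_packets=N_PACKETS, pkt_len=PKT_LEN):
    """Temporal view: n_packets rows of pkt_len byte values scaled to [0, 1]."""
    rows = [fix_length(p, pkt_len) for p in packets[:n_packets]]
    # Short flows are padded with all-zero packets so every sample has one shape.
    rows += [bytes(pkt_len)] * (n_packets - len(rows))
    return [[b / 255.0 for b in row] for row in rows]

def flow_to_image(packets, side=IMG_SIDE, n_packets=N_PACKETS, pkt_len=PKT_LEN):
    """Spatial view: the same bytes reshaped into a side x side grayscale image."""
    if side * side != n_packets * pkt_len:
        raise ValueError("image area must equal n_packets * pkt_len")
    flat = [v for row in flow_to_sequence(packets, n_packets, pkt_len) for v in row]
    return [flat[i * side:(i + 1) * side] for i in range(side)]

# Constructed sample flow: a short packet, an over-long packet, a small one.
SAMPLE_FLOW = [bytes([0x45, 0x00, 0xFF]), bytes(range(40)), b"\xff" * 5]

if __name__ == "__main__":
    seq = flow_to_sequence(SAMPLE_FLOW)
    img = flow_to_image(SAMPLE_FLOW)
    print(len(seq), "x", len(seq[0]), "sequence;", len(img), "x", len(img[0]), "image")
```

Both views carry identical bytes, so any difference in what the two branches learn comes from how they are arranged, not from extra hand-designed features.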