A Kind of Botnet Detection Method Based on State Transition of Zombie
As the Internet becomes ever more important in daily life, its security problems grow more visible by the day. Many of the network attacks seen on the Internet today involve a botnet, the key instrument for launching large-scale attacks. Infection with a zombie virus begins with a communication between an external (extranet) host and an internal (intranet) one. By studying this communication process and existing detection systems, the whole progression of a potential victim (being infected, becoming a zombie, becoming a further diffusion pivot, and forming a botnet) can be modeled as a sequence of states, and a detection system built on that model was implemented on Windows with Visual C++ (VC 6.0). Experiments show that the detection system, which is designed to be extensible and modular, can effectively capture each state during the diffusion of Phabot and can reliably detect a botnet when deployed on the main network nodes in a large-scale network environment.
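The state-transition idea in the abstract can be illustrated with a small per-host tracker. The following Python is an added example and is not the paper's detection system; the paper gives the four states (infected, zombie, diffusion pivot, botnet) but not the events that trigger each transition, so the triggers used here (an extranet-to-intranet hit on an exploit-prone port, an outbound connection to an IRC-style command-and-control port, fan-out to several intranet hosts within a short window, and several zombies sharing one C&C endpoint) are assumptions, as are the intranet prefix, the port sets, the thresholds and the constructed flow records.

```python
"""Per-host state machine for the infected -> zombie -> diffusing -> botnet
progression. Added example; every trigger and threshold below is an assumption,
not something the paper specifies."""
from collections import defaultdict

STATES = ("clean", "infected", "zombie", "diffusing")   # forward-only ordering

INTRANET = "10.0.0."        # assumed intranet prefix
EXPLOIT_PORTS = {135, 445}  # assumed: inbound hits on these count as infection attempts
CNC_PORTS = {6667}          # assumed: outbound to an IRC-style C&C port
SCAN_THRESHOLD = 3          # assumed: distinct intranet targets on one port ...
SCAN_WINDOW = 10            # ... within this many seconds marks a diffusion pivot


def is_internal(ip):
    return ip.startswith(INTRANET)


def parse_line(line):
    """Flow record: '<ts-seconds> <src-ip> <dst-ip> <dst-port>'."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)


class ZombieTracker:
    def __init__(self):
        self.state = defaultdict(lambda: "clean")   # host -> current state
        self.cnc = {}                               # host -> C&C address it contacted
        self.scan_hits = defaultdict(list)          # (host, dport) -> [(ts, dst)]
        self.transitions = []                       # (ts, host, old, new)

    def _move(self, ts, host, new):
        # Only advance; a host never regresses to an earlier state here.
        old = self.state[host]
        if STATES.index(new) > STATES.index(old):
            self.state[host] = new
            self.transitions.append((ts, host, old, new))

    def feed(self, line):
        ts, src, dst, dport = parse_line(line)
        if not is_internal(src) and is_internal(dst) and dport in EXPLOIT_PORTS:
            # 1. extranet -> intranet on an exploit port: candidate infection
            self._move(ts, dst, "infected")
        elif is_internal(src) and not is_internal(dst) and dport in CNC_PORTS:
            # 2. an already-infected host reaching out to a C&C port: zombie
            if self.state[src] != "clean":
                self.cnc[src] = dst
                self._move(ts, src, "zombie")
        elif is_internal(src) and is_internal(dst):
            # 3. intranet fan-out from a non-clean host: diffusion pivot,
            #    and each target hit on an exploit port is a new candidate infection
            if self.state[src] != "clean":
                if dport in EXPLOIT_PORTS:
                    self._move(ts, dst, "infected")
                hits = self.scan_hits[(src, dport)]
                hits.append((ts, dst))
                recent = {d for t, d in hits if ts - t <= SCAN_WINDOW}
                if len(recent) >= SCAN_THRESHOLD:
                    self._move(ts, src, "diffusing")

    def botnets(self):
        # 4. botnet: two or more zombies reporting to the same C&C endpoint
        groups = defaultdict(set)
        for host, cnc in self.cnc.items():
            if self.state[host] in ("zombie", "diffusing"):
                groups[cnc].add(host)
        return {c: sorted(h) for c, h in groups.items() if len(h) >= 2}


def run(lines):
    tracker = ZombieTracker()
    for line in lines:
        if line.strip():
            tracker.feed(line)
    return tracker


# Constructed flow records (not real traffic): one external host hits two
# intranet machines, both call home to the same C&C, one then scans its peers.
SAMPLE = """\
1 198.51.100.7 10.0.0.5 445
3 10.0.0.5 203.0.113.9 6667
5 10.0.0.5 10.0.0.6 445
6 10.0.0.5 10.0.0.7 445
7 10.0.0.5 10.0.0.8 445
8 198.51.100.7 10.0.0.9 445
9 10.0.0.9 203.0.113.9 6667
12 10.0.0.3 203.0.113.50 443
"""

if __name__ == "__main__":
    t = run(SAMPLE.splitlines())
    for ts, host, old, new in t.transitions:
        print(f"t={ts:>3} {host}: {old} -> {new}")
    print("botnets:", t.botnets())
```

Because transitions are forward-only and each later state presupposes an earlier one, a sensor that misses the initial infection event will also miss the host's later states; that is the practical reason the abstract stresses placing the detector on the main network nodes, where both the extranet-to-intranet and the intranet-to-extranet legs of the exchange are visible.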