
Design And Implementation Of Botnet Detection System On Windows Platforms

Posted on: 2015-12-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y B Wang
Full Text: PDF
GTID: 2298330467957526
Subject: Computer technology
Abstract/Summary:
According to the 2013 China Internet Security Report, millions of computers in our country are recruited into botnets every year. They are controlled by foreign masters, which causes our country billions in economic losses and even threatens national security. With the rapid development of botnets, the Internet faces growing and disastrous threats that can disable infrastructure and cause financial damage. Research on botnet detection in China still lags behind research abroad. Detection methods mostly depend on acquiring the bot program and analyzing it through reverse engineering; this approach is effective only after the bot has spread globally.

In this thesis, the author studied and analyzed typical botnet detection technology on Windows platforms, including the evolution process, concept, functional structure and command and control mechanism of botnets. We summarized botnet detection technology and based our design on proven technology. The primary innovative works in this thesis are as follows:

(1) The principles, life cycles and command and control mechanisms of typical IRC, HTTP and P2P botnets are analyzed. The characteristics of botnet hosts and traffic are analyzed and extracted, and the development trend of botnets is summarized.

(2) The existing botnet detection techniques are summarized. On this basis, the thesis proposes multi-source data collection technology, joint sample and flow identification technology, automated analysis techniques, and generic detection techniques based on spatial-temporal synchronization and similarity.

(3) A botnet detection system on Windows platforms is designed and implemented. Taking full account of the requirements for rationality and efficiency, a C/S structure detection system framework is designed, and the logical composition of each subsystem is designed and implemented in detail. Finally, the whole system is verified by experiments.
Keywords/Search Tags: Botnet, Botnet Detection, Automated Analysis, Honeynet, Flow Analysis