
Design And Implementation Of Anti/Detection System Of Botnet

Posted on: 2018-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: X N He
GTID: 2348330518493309
Subject: Information security
Abstract/Summary:
A botnet is a malicious network in which a controller commands a large number of infected computers through a zombie (bot) program. The controller can use this network to send spam, launch attacks and carry out other malicious acts. Modern botnets use P2P distributed protocols for node communication, which keeps the communication and command channels hidden and makes botnets one of the most serious threats in the history of the Internet. At present, discussion of P2P botnets mostly focuses on analysing their survival model, and no highly effective detection technology has yet been developed; existing detection systems rely on a priori knowledge and can therefore detect only a few botnets, leaving new botnets undetected.

This paper first introduces the current academic understanding of botnets, gives a definition of the botnet and the mainstream botnet detection techniques, and analyses their advantages and disadvantages. After analysing the communication traffic characteristics and structural characteristics of several common zombie programs, it derives the general characteristics of botnets. Finally, it designs a detection system for semi-distributed botnets. The system consists of a capture module, a malicious traffic detection module, a data storage module, a counter module and a result output module. The malicious traffic detection module contains two detection engines: a traffic macroscopic characteristic detection engine and a malicious feature detection engine. The traffic macroscopic characteristic detection engine analyses zombie traffic from the two angles of space and time: it filters on data synchronization time and packet size, uses the FCM clustering algorithm to detect suspect nodes, and then further screens the zombie nodes using the network structure. This method does not need to analyse the specific communication content, so while maintaining high accuracy it is not restricted by the communication protocol. The deep packet detection module identifies known zombie programs by extracting feature words from their communication packets. The counter module acts on the detection results of the malicious traffic detection module to reduce the harm caused by the botnet. The system was verified with a variety of zombie programs and achieved good results.
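The two-stage screening of the macroscopic engine described above (FCM clustering on synchronization interval and packet size, then screening of suspects by network structure), as an added Python illustration that is not the thesis's own code; the per-host feature values, the peer links, the deterministic centre initialisation and the rule that the tightest cluster is the suspect set are all assumptions made here.

```python
import math
# Constructed per-host features: (mean sync interval in seconds, mean packet size in bytes).
HOSTS = {
    "10.0.0.11": (60.1, 120.0), "10.0.0.12": (59.8, 118.0), "10.0.0.13": (60.3, 122.0),
    "10.0.0.14": (60.0, 119.0),  # periodic client that peers with no other candidate
    "10.0.0.21": (3.2, 940.0), "10.0.0.22": (12.7, 610.0), "10.0.0.23": (0.8, 1380.0),
}
# Constructed undirected peer links observed in the capture.
LINKS = [("10.0.0.11", "10.0.0.12"), ("10.0.0.12", "10.0.0.13"),
         ("10.0.0.11", "10.0.0.13"), ("10.0.0.21", "10.0.0.22")]

def normalize(points):
    """Min-max scale each feature to [0, 1] so interval and size weigh equally."""
    dims = range(len(points[0]))
    lo = [min(p[d] for p in points) for d in dims]
    hi = [max(p[d] for p in points) for d in dims]
    return [tuple((p[d] - lo[d]) / ((hi[d] - lo[d]) or 1.0) for d in dims) for p in points]

def fcm(points, c=2, m=2.0, iters=100, tol=1e-6):
    """Fuzzy c-means; returns (memberships, centres). Centres start at data points (assumed init)."""
    n, dims = len(points), range(len(points[0]))
    centres, U = list(points[:c - 1]) + [points[-1]], None
    for _ in range(iters):
        new_u = []
        for p in points:
            d = [max(math.dist(p, ctr), 1e-12) for ctr in centres]  # avoid division by zero at a centre
            new_u.append([1.0 / sum((d[j] / d[k]) ** (2 / (m - 1)) for k in range(c)) for j in range(c)])
        converged = U is not None and max(abs(a - b) for ra, rb in zip(U, new_u) for a, b in zip(ra, rb)) < tol
        U = new_u
        if converged:
            break
        w = [[U[i][j] ** m for i in range(n)] for j in range(c)]
        centres = [tuple(sum(w[j][i] * points[i][d] for i in range(n)) / sum(w[j]) for d in dims) for j in range(c)]
    return U, centres

def detect(hosts=HOSTS, links=LINKS):
    """Stage 1: the tightest cluster is the suspect set (assumed rule: bots sync on a shared
    cadence with similar packet sizes). Stage 2: keep only suspects that peer with another suspect."""
    names = list(hosts)
    pts = normalize([hosts[h] for h in names])
    U, centres = fcm(pts)
    spread = [sum(U[i][j] ** 2 * math.dist(pts[i], ctr) ** 2 for i in range(len(pts)))
              / sum(U[i][j] ** 2 for i in range(len(pts))) for j, ctr in enumerate(centres)]
    suspects = {names[i] for i in range(len(pts)) if U[i].index(max(U[i])) == spread.index(min(spread))}
    peers = {h: set() for h in names}
    for a, b in links:
        peers[a].add(b)
        peers[b].add(a)
    confirmed = {h for h in suspects if peers[h] & suspects}
    return suspects, confirmed
```

Host 10.0.0.14 shows why the structural screen matters: its traffic cadence lands it in the suspect cluster, but with no peer link to another suspect it is dropped from the confirmed set.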
Keywords/Search Tags: botnet, macro detection technology, unsupervised learning, DPI technology