Fast Deployment of Botnet Detection Based on Traffic Monitoring

Bibliographic Details
Main Authors: Kuang-Li Ting, 丁光立
Other Authors: Chung-Huang Yang
Format: Others
Language: zh-TW
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/91599875020295065477
Description
Summary: Master's === Kaohsiung Normal University === Graduate Institute of Information Education === 98 === Internet crime is growing, and cases such as phishing, money mules, personal data theft and trafficking, and DDoS are heard of from time to time. DDoS attacks mostly use a botnet as the source of attack, and attackers distribute trojans and worms to infect hosts. Infected hosts become bots and can be controlled by the botmaster, who uses a command and control server to control them. Because botmaster servers use dynamic types and encryption methods to communicate with bots, bots are difficult to detect. In this research, we designed and developed a system to detect bot-like traffic and deny traffic from hosts that look like bots. We revised the ntop program and integrated it with self-developed Perl programs. Our system monitors network activity at the network layer and transport layer and sends email/SMS to the network administrator to block the suspicious botnet.