P2P Botnet Traffic Analysis and Identification

Master's === National Hsinchu University of Education === Institute of Computer Science === 99 === The Internet has become an indispensable part of human life and it provides us with convenient services, for example, searching for information, using auction websites, playing online games, and so on. Due to its convenience, hackers are trying to commit...


Bibliographic Details
Main Authors: LiZhong Deng, 鄧立忠
Other Authors: Wernhuar Tarng
Format: Others
Language: zh-TW
Published: 2011
Online Access: http://ndltd.ncl.edu.tw/handle/12410425287795271638
id ndltd-TW-099NHCT5394002
spelling ndltd-TW-099NHCT5394002 2016-04-11T04:22:39Z http://ndltd.ncl.edu.tw/handle/12410425287795271638 P2P Botnet Traffic Analysis and Identification (P2P殭屍網路的流量分析與辨識) LiZhong Deng 鄧立忠 Master's, National Hsinchu University of Education, Institute of Computer Science, 99 Wernhuar Tarng 唐文華 2011 degree thesis ; thesis 59 zh-TW
collection NDLTD
description Master's === National Hsinchu University of Education === Institute of Computer Science === 99 === The Internet has become an indispensable part of human life and it provides us with convenient services, for example, searching for information, using auction websites, playing online games, and so on. Due to its convenience, hackers are trying to commit crimes to obtain some benefits. Therefore, network security has become an important research issue today. Usually, crackers use a variety of methods to achieve the purpose of their attacks, for example, Distributed Denial of Service (DDoS) and spam mail. These methods require a large number of computers to achieve the goal; hence crackers must spread malicious software to infect computers with weaker defense mechanisms. The infected computers become zombies in the botnets controlled by the crackers. Thus, detecting and defending against botnets is an important subject in network security. Among them, the Peer-to-Peer (P2P) botnet is a new type of botnet in which every zombie is a peer controlled by the cracker, and thus defending against it is more difficult. The objective of this research is to find the traffic flows produced by known or unknown malicious software in order to defend against P2P botnets. Based on the analysis of P2P network connection flows and their packet patterns, a mechanism containing six stages is proposed to identify P2P botnet traffic and locate the zombies, with the objective of restraining these computers from further infection.