The Research of Botnet Detection and ManagementScheme – Case Study of A Government Agency

• Main Authors: Chung-Shan Kuo, 郭忠山
• Other Authors: Chang-Shiann Wu
• Format: Others
• Language: zh-TW
• Published: 2011
• Online Access: http://ndltd.ncl.edu.tw/handle/kcp727

碩士 === 國立虎尾科技大學 === 資訊管理研究所 === 99 === With the progress of the times, network technology brings the convenience and efficiency. It has also brought crime and malicious acts relatively. Today the increasing cyber crime, such as data theft, DDoS attacks, the money mule, spam and phishing, are often heard from time to time. Zombie network is the driving force behind the scenes. Public authority network has hundreds of computers. If infected with a zombie botnet network, the government agency suffers huge losses and can not be estimated. This paper attempts to use zombie networks and transmission characteristics to detect bot-like activities in government agency. Using freeware-Open Audit and SharpPcap library to write sniffer for network traffic monitoring, and to provide public warning message when infected. This allows officials to take immediate disposal to prevent further disaster. List of hosts with suspected infection is presented to IT staff by e-mail and web. To avoid damage in botnet experiments, simulation is built and performed on Testbed@TWISC based on the Emulab system.