Construction P2P firewall HTTP-Botnet defense mechanism

The scale of botnets on the Internet has continued to increase in recent years. Without a corresponding solution, more serious and malicious attacks will follow. An HTTP botnet uses the HTTP protocol. By using ordinary HTTP over port 80, its attacks are not only hidden more easily but also pass through firewalls and IDS systems without being detected. In this study, we use the Repeatability Standard Deviation method to detect botnet connections within the HTTP protocol. Furthermore, we use the JXTA P2P network to share the detection results, and users can compare traffic packets against the lists of the filtering mechanism. By using the P2P technique to exchange the detected information, infected users can find their connections to HTTP botnet servers, and uninfected users can use this information as a comparison sample when new packets arrive. Users can use it to determine whether connections are malicious, achieving co-defense. The lists of the filtering mechanism allow duplicated packets entering a computer to be compared only once against the large blacklist. Using the P2P technique not only decreases the cost of implementation but also makes the network more resilient.
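The two mechanisms named in the abstract, sketched as an added example (not the authors' code): flagging client/server pairs whose HTTP request intervals have a low standard deviation, and a filter list that checks each repeated destination against the blacklist only once. The abstract gives no formula, so the interval-based reading of the Repeatability Standard Deviation method, the thresholds, the host names and the per-host verdict cache are all assumptions, and the JXTA exchange itself is not modelled.

```python
import statistics
from collections import defaultdict

# Constructed sample: (seconds, client, server host) for HTTP requests on port 80.
BEACON = [(t, "10.0.0.5", "c2.example.test") for t in (0, 60, 121, 180, 241, 300)]
BROWSE = [(t, "10.0.0.5", "news.example.test") for t in (5, 12, 95, 110, 400, 410)]
SPARSE = [(t, "10.0.0.7", "cdn.example.test") for t in (30, 90, 150)]
SAMPLE_REQUESTS = BEACON + BROWSE + SPARSE


def detect_periodic(requests, min_requests=5, max_stddev=2.0):
    """Return {(client, host): stddev} for pairs whose request gaps are near-constant.

    Assumption: a low standard deviation of inter-request gaps marks a bot
    polling its server; both thresholds are illustrative, not from the paper.
    """
    times_by_pair = defaultdict(list)
    for ts, client, host in requests:
        times_by_pair[(client, host)].append(ts)
    flagged = {}
    for pair, times in times_by_pair.items():
        if len(times) < min_requests:
            continue  # too few observations to judge repeatability
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        spread = statistics.stdev(gaps)
        if spread <= max_stddev:
            flagged[pair] = round(spread, 2)
    return flagged


class FilterLists:
    """Blacklist received from peers plus a local verdict list, so a repeated
    destination is compared with the (large) blacklist only once."""

    def __init__(self, blacklist):
        self.blacklist = set(blacklist)
        self.verdicts = {}           # host -> bool, filled on first sight
        self.blacklist_lookups = 0   # how often the blacklist was consulted

    def is_malicious(self, host):
        if host not in self.verdicts:
            self.blacklist_lookups += 1
            self.verdicts[host] = host in self.blacklist
        return self.verdicts[host]


if __name__ == "__main__":
    shared = {host for (_client, host) in detect_periodic(SAMPLE_REQUESTS)}
    filters = FilterLists(shared)  # stands in for the list exchanged over JXTA
    print([h for _, _, h in SAMPLE_REQUESTS if filters.is_malicious(h)])
    print("blacklist lookups:", filters.blacklist_lookups)
```

The browsing traffic to the second host has the same number of requests as the beacon but widely varying gaps, so only the near-constant 60-second pattern is flagged.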