DocumentCode
592913
Title
A Distributed Botnet Detecting Approach Based on Traffic Flow Analysis
Author
Li Sheng ; Liu Zhiming ; He Jin ; Deng Gaoming ; Huang Wen
Author_Institution
Northern Electron. Instrum. Inst., Beijing, China
fYear
2012
fDate
8-10 Dec. 2012
Firstpage
124
Lastpage
128
Abstract
Botnets are extremely harmful to computer network security and can cause many network attacks (such as spam, DDoS, and phishing). In this paper, we design a distributed botnet detecting approach based on network traffic analysis. A botnet detection framework is proposed, which is composed of two sections: Data Collection and Filter, and Botnet Detection and Identify. The first section is deployed on distributed hosts in order to capture network traffic data, filter data, and classify data. The second section is deployed in a centralized place, where it collects all data from the distributed hosts and detects the botnet using data amalgamation algorithms and characteristic identification algorithms. The detecting approach works efficiently and can detect botnets in the experimental environment.
Keywords
computer network security; telecommunication traffic; computer network security; data amalgamation algorithms; data collection; data filter; distributed botnet detecting approach; network attacks; traffic flow analysis; Correlation; Data collection; Data integration; Distributed databases; Law; Local area networks; Telecommunication traffic; botnet; botnet detection framework; detecting approach; traffic flow analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2012 Second International Conference on
Conference_Location
Harbin
Print_ISBN
978-1-4673-5034-1
Type
conf
DOI
10.1109/IMCCC.2012.36
Filename
6428868