Up to now, botnets have been growing rapidly and strongly. In the past, botnets worked through the IRC (Internet Relay Chat) protocol to control the bot clients and use them to paralyze the Internet or to gain tremendous profit through illegal operations such as DDoS, spam, traffic sniffing, etc. Since IRC was the key communication protocol for botnets, the best way to prevent them was to deny all IRC packets. These days, however, the main activity of all users is surfing websites, so users cannot deny all Internet traffic in order to defend against botnets. Botnets have therefore evolved into web-based botnets, because users will accept all web (HTTP, port 80) traffic. That is, we can no longer defend against web-based botnets by refusing IRC traffic, which is why web-based botnets have emerged recently.

The objective of this thesis is to find the C&C server IP address of a web-based botnet. The analysis modules are developed from knowledge of botnets and from comparing the communication pattern between bot clients and their C&C server with the pattern between a web server and its users. We observe the differences in communication pattern and in packet information such as the average bytes of packets, the access count and the number of accessing hosts within a unit of time, etc. By referring to these data, we can provide a baseline value that distinguishes normal from abnormal web traffic. To obtain real-world results, we collect real traffic and use our modules to find the C&C server IP addresses of web-based botnets.
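The feature-and-baseline idea above, as an added illustration that is not the thesis's own module: the script aggregates constructed NetFlow-style records per destination server into the kinds of features the abstract names (access count, number of distinct accessing hosts in a time window, average bytes, plus a size-dispersion measure as an assumed extra feature) and applies assumed baseline thresholds to flag servers whose access pattern looks like bot polling rather than ordinary browsing.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not real traffic): (seconds, client, server, bytes).
# 203.0.113.7 mimics a web C&C: four clients poll it every 60 s with
# near-identical small requests. 198.51.100.10 mimics a normal web server
# whose page sizes vary widely. 192.0.2.20 is polled regularly by one host
# only (keepalive-like), which the host-count threshold keeps out of the result.
FLOWS = (
    [(t, f"10.0.0.{h}", "203.0.113.7", 410 + (h % 2))
     for h in range(1, 5) for t in range(0, 600, 60)]
    + [(t, f"10.0.0.{h}", "198.51.100.10", 300 + 700 * ((h * t) % 7))
       for h in range(1, 6) for t in range(0, 600, 45)]
    + [(t, "10.0.0.9", "192.0.2.20", 412) for t in range(0, 600, 60)]
)


def server_features(flows, window=600):
    """Per-server features over one time window: access count, distinct
    client count, average bytes per flow and the coefficient of variation
    of flow sizes (assumed extra feature; near zero for fixed-size beacons)."""
    per_server = defaultdict(list)
    for t, client, server, nbytes in flows:
        if 0 <= t < window:
            per_server[server].append((client, nbytes))
    feats = {}
    for server, recs in per_server.items():
        sizes = [b for _, b in recs]
        avg = mean(sizes)
        feats[server] = {
            "access_count": len(recs),
            "host_count": len({c for c, _ in recs}),
            "avg_bytes": avg,
            "size_cv": pstdev(sizes) / avg if avg else 0.0,
        }
    return feats


def flag_candidates(feats, min_hosts=3, max_avg_bytes=1000, max_cv=0.05):
    """Assumed baseline rule: several distinct hosts contacting a server
    with small, near-constant request sizes is abnormal for web browsing."""
    return sorted(s for s, f in feats.items()
                  if f["host_count"] >= min_hosts
                  and f["avg_bytes"] <= max_avg_bytes
                  and f["size_cv"] <= max_cv)


if __name__ == "__main__":
    for server, f in server_features(FLOWS).items():
        print(server, f)
    print("candidate C&C servers:", flag_candidates(server_features(FLOWS)))
```

The thresholds are placeholders; in practice they would be derived from the baseline measured on known-clean traffic for the monitored network.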