The Research of Botnet Detection

Bibliographic Details
Main Authors: Tsai, Yun-Chin, 蔡雲欽
Other Authors: Liu, Chung-Yu
Format: Others
Language: zh-TW
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/00452827894840459932
Description
Summary: Master's === National Defense University, Chung Cheng Institute of Technology === Master's Program in Information Science === 98 === In recent years, network security incidents have occurred frequently. They have caused damage around the world, including spam, Internet fraud, and data theft. Botnets were the key culprit, so detecting botnets is a very important issue for network security. To date, IRC remains the most popular communication mechanism for botnets. This thesis introduces the origin and structure of botnets and focuses on IRC-based botnets. In this work, we use Testbed@TWISC to build an experimental environment in which to collect and analyze botnet packets, and we develop a botnet detection program that combines a nickname similarity algorithm and a private message similarity algorithm. Using these two network characteristics of botnets, the program monitors network packets online and detects botnets in real time.