Botnet Victim Detection and Notification based on Openflow Switch

• Main Authors: Shi-Jia Peng, 彭士家
• Other Authors: Li-Ming Tseng
• Format: Others
• Language: zh-TW
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/58225684182753417397

碩士 === 國立中央大學 === 資訊工程研究所 === 98 === Over the years, the network developed quickly and constantly. Because the rise of trade networks, data on the network become more and more important. Unfortunately, the rise of internet crime became a big problem at the same time such as Botnet. Botnet have hidden attackers, and the characteristics of high flexibility, but also an ability to control multiple computers. This paper describes the IRC-based botnet. First, we explain the botnet behavior and the hard to solve problems for security officer. Then we introduced the NetFPGA card developed by the Stanford University and explained the openflow project features and advantages. These devices are used as a linux gateway to be an efficient firewall. This paper use the NetFPGA card and openflow network project designed by Stanford University to detect bot in the botnet. Assume that normal users browser web everyday, we use openflow switch redirect the bot traffic to a particular page that show the warning information. Then through the network disconnected strategy, we try to let the user know the necessity and urgency.