Botnet Detection Based on Similarity of DNS Group Queries

Bibliographic Details
Main Authors: Sheng-Yu Chen, 陳勝裕
Other Authors: Hui-Tang Lin
Format: Others
Language: zh-TW
Published: 2014
Online Access: http://ndltd.ncl.edu.tw/handle/r88a2h
Description
Summary: Master's === National Cheng Kung University === Institute of Computer and Communication Engineering === 102 === Many convenient services have been developed as the Internet has grown in recent years, but users usually ignore network security issues. Among all current network security issues, botnets have been the biggest threat. A botnet is a group of infected computers that the botmaster uses for illegal activity. To increase the survival rate of a botnet and keep it from being detected by defenders, DGA botnets were created. Every bot generates a large number of domains and changes its C&C server frequently to avoid detection. Changing the C&C server produces many domain queries. Based on this group behavior, we can cluster them together and then detect DGA botnets from the group query structure. This research requires only one hour of DNS logs to detect a variety of DGA botnets. The results show that there are at least 3 kinds of DGA botnet on the NCKU campus network. In conclusion, this research can detect botnets to prevent malicious attacks and protect users' information security.