Construction P2P firewall HTTP-Botnet defense mechanism
The scale of botnets on the Internet has continued to increase in recent years. Without a corresponding solution, more serious malicious attacks can be expected in the future. An HTTP botnet communicates over the HTTP protocol. By using ordinary HTTP on port 80, its attacks are not only easier to hide but also pass through firewalls and IDS systems undetected. In this study, we use the Repeatability Standard Deviation method to detect botnet connections within HTTP traffic. Furthermore, we use the JXTA P2P network to share the detection results, and users can compare the packets in their traffic against the lists of the filtering mechanism. With the detection information exchanged over P2P, users who have been infected can find their connections to HTTP botnet servers, and uninfected users can use the information as a comparison sample when new packets arrive. Users can use it to determine whether connections are malicious, achieving co-defense. The lists of the filtering mechanism allow duplicated packets entering a computer to be compared only once against the large blacklist. Using the P2P technique not only decreases the cost of implementation but also makes the network more resilient.
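One way the two mechanisms in the abstract could look in code, as an added example that is not from the paper. It assumes the repeated measurement is the interval between a client's successive requests to the same server (the abstract does not say what is measured); the thresholds, names and sample events are constructed.

```python
import statistics
from collections import defaultdict

MIN_SAMPLES = 5        # assumed: connections needed before judging a pair
MAX_REL_STDDEV = 0.10  # assumed: stdev/mean of gaps at or below this is machine-like

# Constructed sample: (seconds, client, server), documentation address ranges.
BOT = [(t, "192.0.2.10", "203.0.113.7") for t in (0, 60, 121, 180, 241, 300)]
USER = [(t, "192.0.2.11", "198.51.100.20") for t in (5, 12, 95, 400, 410, 900)]
SAMPLE = BOT + USER

def periodic_servers(events):
    """Return servers that some client contacts at near-constant intervals."""
    stamps = defaultdict(list)
    for ts, client, server in events:
        stamps[(client, server)].append(ts)
    flagged = set()
    for (_, server), seen in stamps.items():
        if len(seen) < MIN_SAMPLES:
            continue
        seen.sort()
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.stdev(gaps) / mean <= MAX_REL_STDDEV:
            flagged.add(server)
    return flagged

class FilterLists:
    """Local verdict lists consulted before the large shared blacklist."""
    def __init__(self, shared_blacklist):
        self.shared = set(shared_blacklist)  # entries received from peers
        self.deny, self.allow = set(), set()
        self.full_lookups = 0                # comparisons against the big list

    def check(self, server):
        if server in self.deny:
            return "block"
        if server in self.allow:
            return "pass"
        self.full_lookups += 1               # first packet for this server only
        hit = server in self.shared
        (self.deny if hit else self.allow).add(server)
        return "block" if hit else "pass"

if __name__ == "__main__":
    lists = FilterLists(periodic_servers(SAMPLE))
    for _, _, server in SAMPLE:
        print(server, lists.check(server))
    print("full blacklist comparisons:", lists.full_lookups)
```

When a peer publishes a new blacklist entry, that server has to be dropped from the local allow list, or the cached pass verdict will outlive the update.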