Abstract

Most DDoS (Distributed Denial of Service) attacks use botnets as the carrier, which have become one of the serious threats to the Internet. However, botnet detection is difficult in the backbone because the C&C (command and control) channel is blended into the heavy background traffic. This paper proposes a method for locating botnets by DDoS activity data analysis and DPI (Deep Packet Inspection) technology. The DDoS attack traffic is first sampled to locate suspicious hosts; the packets of those hosts are then collected and analyzed by DPI together with DDoS parameters, such as the victim and the start time of the attack, to find the C&C channel and servers. This detection model has been implemented, under the name BTS (Botnet tracking system), at a POP of CERNET. The tests showed the practicability of this model.
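
The two-stage correlation described in the abstract can be sketched as follows. This is an added example, not code from BTS or the paper; the record layouts, thresholds, addresses and the rule that a C&C message names the victim in clear text shortly before the attack start are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

def suspicious_hosts(flows, victim, min_pkts):
    """Stage 1: sources whose sampled traffic toward the victim reaches min_pkts."""
    totals = Counter()
    for src, dst, pkts in flows:
        if dst == victim:
            totals[src] += pkts
    return {host for host, n in totals.items() if n >= min_pkts}

def cc_candidates(packets, bots, victim, start, window, min_bots=2):
    """Stage 2: peers that sent at least min_bots suspicious hosts a payload
    naming the victim within `window` seconds before the attack start."""
    needle = victim.encode()  # plain substring match; real DPI would parse the protocol
    told = defaultdict(set)   # peer -> suspicious hosts it addressed
    for ts, src, dst, payload in packets:
        if dst in bots and start - window <= ts <= start and needle in payload:
            told[src].add(dst)
    return {peer: sorted(hosts) for peer, hosts in told.items() if len(hosts) >= min_bots}

# Constructed sample data (documentation address ranges, hypothetical values).
VICTIM, START = "203.0.113.10", 1_000_000
FLOWS = [  # (src, dst, sampled packet count)
    ("198.51.100.1", VICTIM, 4000),
    ("198.51.100.2", VICTIM, 3500),
    ("198.51.100.3", VICTIM, 5200),
    ("198.51.100.9", VICTIM, 12),           # ordinary client of the victim
    ("198.51.100.1", "192.0.2.80", 9000),   # heavy flow, but not toward the victim
]
CMD = b"target=203.0.113.10 port=80"        # constructed payload
PACKETS = [  # (timestamp, src, dst, payload) captured for the suspicious hosts
    (START - 120, "192.0.2.50", "198.51.100.1", CMD),
    (START - 118, "192.0.2.50", "198.51.100.2", CMD),
    (START - 115, "192.0.2.50", "198.51.100.3", CMD),
    (START - 60, "192.0.2.80", "198.51.100.1", b"HTTP/1.1 200 OK"),    # no victim named
    (START - 30, "192.0.2.90", "198.51.100.2", b"A 203.0.113.10"),     # only one host
    (START - 7200, "192.0.2.80", "198.51.100.3", b"see 203.0.113.10"), # outside window
]

if __name__ == "__main__":
    bots = suspicious_hosts(FLOWS, VICTIM, min_pkts=1000)
    print(sorted(bots))
    print(cc_candidates(PACKETS, bots, VICTIM, START, window=600))
```

Narrowing the deep inspection to the suspicious hosts and to a time window around the attack start is what keeps the payload search tractable against backbone-scale background traffic.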
