科研成果详情

Botnets are one of the most serious threats in the Internet, and thus the effective detection of the botnet becomes more and more important. In this paper, inspired by IP tracing technology, we propose a novel botnet detection method that can analyze the data packets, based on graph structure clustering. This method analyzes the comprehensive information of packages content and timestamp flow. Such a capability is achieved by improving the HEMST (Hierarchical Euclidean Minimum Spanning Tree) clustering algorithm. It performs a similarity matching process to find the sender of each cluster that is the controlled host in botnet. Experimental results show that the clustering correct rate can reach to 97% which demonstrates the effectiveness of our method, having a better detection rate.