Research of Botnet Intrusion Detection Technology Based on the Flow

  • Ling Jia
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 207)


In view of the current Botnet attack turning frequently, this paper analysis the double-stage propagation model of intelligent botnet, and puts forward a botnet detection method. This method adopts the concept of flow; for the first stage of the propagation, the paper puts forward the small flow filtering method, and reduces the number of flows needed to detect deeply effectively; for the second stage of the propagation, the paper adopts the thought of flow call-back, and detect each suspicious IP on the terminal router when botnet attacks cause network congestion, and then ensure the detection of botnet in real time.


Flow Botnet Detection Small flow filtering Flow call-back 


  1. 1.
    Dagon D (2006) Modeling botnet propagation using time zones. In: 13th annual network and distributed system security symposium, vol 328. San Diego, pp 235–249Google Scholar
  2. 2.
    Provos NA (2004) Virtual honeypot framework. In: Proceedings of 13th USENIX security symposium, vol 293. San Diego, pp 127–131Google Scholar
  3. 3.
    Zou C, Cunningham R (2007) Honeypot-aware advanced botnet construction and maintenance. In: The international conference on dependable systems and networks, vol 321, Philadelphia, pp 199–208Google Scholar
  4. 4.
    Ping L, Xun Y (2008) A network traffic classification algorithm based on flow statistical characteristics. J Beijing Univ Posts Telecommun 31(2), 23:15–19Google Scholar
  5. 5.
    Mingjiang Y, Ke X, Jianping W (2009) Auto sig-automati-cally generating signatures for applications. In: IEEE international conference on computer and information technology, vol 234. Xiamen, pp 104–109Google Scholar

Copyright information

© Springer-Verlag London 2013

Authors and Affiliations

  1. 1.The Chinese People’s Armed Police Force AcademyLangfangChina

Personalised recommendations