Skip to Main Content
With the Internet crime growing, such as phishing, money mules, personal data stealing and trafficking, DDoS (Distributed Denial of Service), and other cases often heard by people from time to time. DDoS mostly uses botnet as source of attack, and distributes trojans and worms to infect hosts. Infected hosts become bots, and could be controlled by the botmaster. Botmaster uses command and control server to control bots. Because botmaster servers use dynamic types and encryption methods to communicate with bots, it's difficult to detect bots. In this research, we designed and developed a system to detect bot-like traffic and deny traffic of who looks like bots. We revised the NTOP program and integrated it with self developed perl programs. Our system will monitor the network layer and transport layer on network activities and send email/SMS to the network administrator to block suspicious botnet.