SYSTEM AND METHOD FOR BOTNET DETECTION USING TRAFFIC ANALYSIS OF NON-IDEAL DOMAIN NAME SYSTEM

摘要

PURPOSE: A botnet detecting system and method thereof are provided to analyze the DNS(Domain Name Service) request traffic of the classified traffic by classifying the traffic of a botnet detecting target network. CONSTITUTION: A botnet detecting system includes a TCE(Botnet Collection Sensor), the GAE, and a DNS analysis engine. The TCE filters and collects the traffic of a botnet detection target network. The GAE(Group Analysis Engine) groups the traffic according to each destination by using the IP(Internet Protocol) traffic information of the filtered traffic. The DNS analysis engine detects abnormal DNS and fast-flux by using the DNS traffic information of the filtered traffic.