Botnets are extremely versatile programs used in many network attacks, such as sending large volumes of spam or launching Distributed Denial-of-Service (DDoS) attacks. Botnets can switch command-and-control servers automatically, which makes completely suppressing botnets very challenging. In this paper, we present a collaborative botnet suppression system based on an overlay network, with one control center node and several suppression nodes. The suppression nodes automatically collect network traffic information and deploy suppression rules; the control center node gathers all collected data, and processes this data by using a botnet detection algorithm. Once botnets are detected, the control center node generates and distributes suppression rules. In order to prevent an excessive growth of the rules set, the system automatically identifies and removes invalid rules through an efficient feedback mechanism.

• 出版日期2012
• 单位清华大学