CHEN Ruidong, ZHAO Lingyuan, ZHANG Xiaosong
Botnets, which combine worms, backdoors, and Trojans, have become the backbone of Advanced Persistent Threat (APT) attacks because attackers can use them to send spam, perform denial-of-service attacks, and steal sensitive information. Existing botnet detection methods are mostly limited to specific botnet types and cannot effectively process data near the boundary between categories. Therefore, a botnet identification method based on network traffic similarity is proposed. This method does not rely on packet content and can handle encrypted traffic. Statistical features of the data streams and packets are extracted, each feature is fuzzy clustered, the feature boundaries of the fuzzy categories are determined, and botnet traffic is identified according to the principle of maximum membership (affiliation) degree. Association rules are then filtered by support and confidence to determine the specific botnet type. Experimental results show that the method can effectively identify botnet traffic and predict the type of botnet.
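As an added sketch of the clustering step the abstract describes (not the authors' implementation), the following runs standard fuzzy c-means on one statistical flow feature and decides by maximum membership. The feature choice, the sample values, the fuzzifier m = 2 and the cluster labels are constructed assumptions.

```python
# Added illustration (not the authors' code): standard 1-D fuzzy c-means on a
# single flow feature, then a decision by the maximum-membership principle.

def memberships(x, centers, m=2.0):
    """Degree to which x belongs to each cluster; the degrees sum to 1."""
    dists = [abs(x - c) for c in centers]
    if 0.0 in dists:  # x lies exactly on a center: full membership there
        hits = dists.count(0.0)
        return [1.0 / hits if d == 0.0 else 0.0 for d in dists]
    p = 2.0 / (m - 1.0)
    return [1.0 / sum((di / dj) ** p for dj in dists) for di in dists]

def fuzzy_c_means(values, centers, m=2.0, tol=1e-6, max_iter=200):
    """Alternate membership and center updates until the centers settle."""
    centers = list(centers)
    for _ in range(max_iter):
        u = [memberships(x, centers, m) for x in values]
        updated = []
        for k in range(len(centers)):
            w = [row[k] ** m for row in u]
            updated.append(sum(wi * x for wi, x in zip(w, values)) / sum(w))
        shift = max(abs(a - b) for a, b in zip(updated, centers))
        centers = updated
        if shift < tol:
            break
    return sorted(centers)

def classify(x, centers, labels, m=2.0):
    """Maximum-membership principle: pick the cluster with the highest degree."""
    u = memberships(x, centers, m)
    best = max(range(len(u)), key=u.__getitem__)
    return labels[best], u[best]

# Constructed sample: mean packet size (bytes) per flow, no payload inspected.
FLOWS = [96, 110, 102, 120, 90, 820, 900, 760, 1010, 880]
# Assumption: in this constructed data the small-packet cluster is the bot-like one.
LABELS = ["bot-like", "benign"]
CENTERS = fuzzy_c_means(FLOWS, [min(FLOWS), max(FLOWS)])

if __name__ == "__main__":
    for size in (100, 450, 900):
        label, degree = classify(size, CENTERS, LABELS)
        print(f"{size:5d} bytes -> {label:8s} membership {degree:.3f}")
```

A flow of 450 bytes falls between the two clusters and receives a membership of about 0.6 rather than a hard assignment, which is how fuzzy clustering grades data near the category boundary.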