计算机应用研究 (Application Research of Computers), 2012
Linkage monitoring of clusters for botnets based on the correlation of behavior and domain name queries
Abstract:
Signature (feature)-based monitoring can only detect botnets that are already known, and existing monitoring methods depend heavily on the structure and protocol of the botnet being monitored. To address these problems, this paper proposes a botnet monitoring method based on the correlation between bot behavior and domain name queries. It exploits the temporal and spatial correlation and similarity that exist among the activities of the individual bots to cluster botnet behavior and DNS query traffic, and builds a cluster-based linkage monitoring model on top of that clustering. Through the collection and analysis of feedback data from the DNS cache servers of a test system deployed in an operations room in the city, it is shown that the cluster-based linkage monitoring model can not only detect unknown botnets, but also monitor them independently of the protocol and structure they use, with good monitoring efficiency.
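The abstract's core idea, that bots under common control tend to query the same domains at nearly the same times while legitimate hosts do not, can be illustrated with a small clustering pass over DNS cache server query records. The following is an added example written for this page, not the paper's own algorithm or code: the log format, the 60-second time bins, the 50/50 weighting of domain-set overlap (space) against time-bin overlap (time), the 0.5 similarity threshold and the minimum cluster size of three are all assumptions chosen for illustration, and the sample log lines are constructed, not captured data.

```python
"""Group hosts whose DNS query behaviour is correlated in space (which names)
and time (when), and flag groups large enough to look like coordinated bots.
Added illustration for the abstract above; not the paper's method."""
from collections import defaultdict
from itertools import combinations

# Constructed sample records, "<epoch seconds> <client IP> <queried name>".
# Hosts .11-.13 query the same two names within seconds of each other, three
# times; hosts .20 and .21 browse unrelated names at unrelated times.
SAMPLE_LOG = """\
1000 10.0.0.11 cdn-update.example.net
1000 10.0.0.12 cdn-update.example.net
1001 10.0.0.13 cdn-update.example.net
1600 10.0.0.11 abc123.dyn.example.org
1601 10.0.0.12 abc123.dyn.example.org
1602 10.0.0.13 abc123.dyn.example.org
2200 10.0.0.11 abc123.dyn.example.org
2201 10.0.0.12 abc123.dyn.example.org
2203 10.0.0.13 abc123.dyn.example.org
1050 10.0.0.20 www.example.com
1300 10.0.0.20 mail.example.com
1750 10.0.0.21 www.example.com
2100 10.0.0.21 news.example.com
"""

BIN_SECONDS = 60  # assumed temporal resolution for "queried at the same time"


def parse_log(text):
    """Return {client: [(time_bin, qname), ...]} from the constructed log format."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        events[client].append((int(ts) // BIN_SECONDS, qname.lower().rstrip(".")))
    return events


def profile(evts):
    """A host's behaviour profile: the set of names it asked for and the bins it was active in."""
    return {q for _, q in evts}, {b for b, _ in evts}


def jaccard(a, b):
    """Set overlap in [0, 1]; 0 for two empty sets."""
    return len(a & b) / len(a | b) if a | b else 0.0


def similarity(p1, p2):
    """Equal-weight blend of domain-set (space) and time-bin (time) overlap; an assumed scoring."""
    (d1, b1), (d2, b2) = p1, p2
    return 0.5 * jaccard(d1, d2) + 0.5 * jaccard(b1, b2)


def cluster_hosts(events, threshold=0.5):
    """Union-find clustering: hosts are joined whenever their similarity reaches the threshold.

    No knowledge of the C2 protocol or topology is used; only the query records."""
    profiles = {h: profile(e) for h, e in events.items()}
    parent = {h: h for h in profiles}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for h1, h2 in combinations(profiles, 2):
        if similarity(profiles[h1], profiles[h2]) >= threshold:
            parent[find(h1)] = find(h2)

    groups = defaultdict(set)
    for h in profiles:
        groups[find(h)].add(h)
    return [sorted(g) for g in groups.values()]


def suspicious_clusters(text, min_size=3, threshold=0.5):
    """Clusters of at least min_size hosts with near-identical, time-aligned DNS activity."""
    return [g for g in cluster_hosts(parse_log(text), threshold) if len(g) >= min_size]


def cluster_domains(text, cluster):
    """The names shared by every host in a cluster, i.e. the candidate C2 / rendezvous names."""
    events = parse_log(text)
    shared = None
    for host in cluster:
        names = {q for _, q in events[host]}
        shared = names if shared is None else shared & names
    return sorted(shared or [])


if __name__ == "__main__":
    for group in suspicious_clusters(SAMPLE_LOG):
        print("correlated hosts:", group, "shared names:", cluster_domains(SAMPLE_LOG, group))
```

On the constructed records this reports the three `10.0.0.1x` hosts as one cluster with both queried names in common, while the two browsing hosts share one name but no time bin and fall below the threshold, which is the point of combining the spatial and temporal signals rather than using either alone. In a deployment fed from real cache servers, the thresholds would need tuning against the background rate of legitimately shared names (CDNs, update servers), which is exactly where a pure domain-set similarity would produce false clusters.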