Botnets are currently the biggest threat. Botmasters inject bot code into normal computers so that these computers become bots under the botmasters' control. Every bot connects to the botnet coordinator, called the command and control server (C&C); the C&C delivers commands to bots, supervises their state and keeps them alive. When the C&C delivers commands from the botmasters, bots have to do whatever the botmasters want, such as launching DDoS attacks, sending spam and stealing private information from victims. If we can detect where the C&C is, we can protect people from network attacks.
Ant Colony Optimization (ACO) studies artificial systems that take inspiration from the behavior of real ant colonies and are used to solve discrete optimization problems. When ants walk along a path, they leave pheromone on it; more pheromone attracts more ants to walk that path. Quick convergence and heuristic search, the two main characteristics of the ant algorithm, are adopted in the proposed approach to find the C&C node.
Ants select nodes according to the features of the connections between the C&C and its bots, in order to detect the location of the C&C and take down the botnet.
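
The pheromone mechanism described above can be sketched on a small flow graph. This is an added illustration, not the paper's algorithm: the heuristic (number of distinct peers per node), the parameters `alpha`, `beta` and `rho`, and all host names are assumptions made for the example.

```python
import random
from collections import defaultdict

# Constructed sample flows (src, dst): six bots poll one coordinator ("cc"),
# plus unrelated benign traffic. All host names are made up for this example.
FLOWS = [(f"bot{i}", "cc") for i in range(1, 7)] + [
    ("bot1", "web"), ("bot2", "mail"), ("pc1", "web"), ("pc1", "mail"),
    ("pc2", "web"), ("bot3", "pc2"), ("bot4", "pc1"),
]

def build_graph(flows):
    """Undirected adjacency sets built from the flow records."""
    adj = defaultdict(set)
    for src, dst in flows:
        adj[src].add(dst)
        adj[dst].add(src)
    return adj

def find_cc_candidate(flows, ants=200, steps=4, alpha=1.0, beta=2.0,
                      rho=0.1, seed=1):
    """Return (node, pheromone map) for the node the colony converges on."""
    rng = random.Random(seed)
    adj = build_graph(flows)
    nodes = sorted(adj)
    # Assumed heuristic: distinct peer count (a coordinator talks to many hosts).
    eta = {n: len(adj[n]) for n in nodes}
    tau = {n: 1.0 for n in nodes}          # initial pheromone on every node
    for _ in range(ants):
        current = rng.choice(nodes)        # each ant starts at a random host
        visited = set()
        for _ in range(steps):
            choices = sorted(adj[current])
            # Selection probability is proportional to pheromone^alpha * heuristic^beta.
            weights = [tau[n] ** alpha * eta[n] ** beta for n in choices]
            current = rng.choices(choices, weights=weights)[0]
            visited.add(current)
        for n in nodes:
            tau[n] *= 1.0 - rho            # evaporation keeps old trails from dominating
        for n in visited:
            tau[n] += eta[n] / len(nodes)  # deposit, scaled by the heuristic
    return max(nodes, key=tau.get), tau

if __name__ == "__main__":
    best, tau = find_cc_candidate(FLOWS)
    print(best, round(tau[best], 3))
```

Peer count alone also matches busy legitimate servers, so in practice the heuristic would combine several connection features before a node is treated as a C&C candidate.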