Project Description
Botnet Surveillance System is a fast, secure, fault-tolerant backend infrastructure for managing nodes that
crawl the internet to gather information about the vulnerabilities of network endpoints (or nodes). The nodes already contain a peer-to-peer botnet
such as Sality. The system also uses a DNS-based load balancer. Input and output
are based on 'Disruptor' technology, which can handle 6 million clients per minute. The whole system consists of several parts:
- Distributed Server: Authenticates clients first, then accepts requests from clients, processes them, and sends them to the crawler
- Crawler: Part of the central server. It crawls the botnet across the internet and builds the neighbour list
- Logger: Saves all crawl data and creates an overlay graph of connected nodes
- Algorithm Choice section: We can choose between FIFO, LIFO and LYCA as the algorithm for crawling among nodes
- Client: There can be many clients. They send botnet info to the server and accept the list of new bots to crawl. JSON is used for communication between server and client
- Persistent Database server: We use a MongoDB server to store all logs and crawled data
- Main-memory Database: Used as the communication medium between the different parts of the server.
- Web Visualization: Resides at the link below. It grabs data from the MongoDB server and shows current/previous crawling data
All server parts are deployed using Docker.
Client
TK Dept (Telecooperation), TU Darmstadt
Technology