Developments in computer networking have raised concerns of the associated Botnets threat to the Internet security. Botnet is an inter-connected computers or nodes that infected with malicious software and being controlled as a group without any permission of the computer’s owner. This paper explores how network traffic characterising can be used for identification of botnet at local networks. To analyse the characteristic, behaviour or pattern of the botnet in the network traffic, a proper network analysing tools is needed. Several network analysis tools available today are used for the analysis process of the network traffic. In the analysis phase, the botnet detection strategy based on the signature and DNS anomaly approach are selected to identify the behaviour and the characteristic of the botnet. In anomaly approach most of the behavioural and characteristic identification of the botnet is done by comparing between the normal and anomalous traffic. The main focus of the network analysis is studied on UDP protocol network traffic. Based on the analysis of the network traffic, the following anomalies are identified, anomalous DNS packet request, the NetBIOS attack, anomalous DNS MX query, DNS amplification attack and UDP flood attack. This study, identify significant Botnet characteristic in local network traffic for UDP network as additional approach for Botnet detection mechanism.

Bot; Botmaster; Botnet; P2P; Peer to peer network; UDP; UDP botnet; UDP protocol