**5. Conclusions**

At present, various cyberattacks based on Botnet are the most serious security threats to the Internet. As Botnet continue to evolve and behavioral research on Botnet is inadequate, the question of how to apply some behavioral problems to Botnet research and combine the psychology of the operator to analyze the future trend of Botnet is still a continuous and challenging issue.

Botnet is a common computing platform which can be controlled remotely by attackers by invading several noncooperative user terminals in the network space. It is an attacking platform consisting of multiple Bots controlled by a hacker. The behavior of Botnet is also controlled by the hacker, rather than being controlled by certain code logic, which also makes it difficult to locate and predict the Botnet attack. The Botnet is developed in two phases: it was the primary virus and worm in the first phase, and it transformed into Botnet platform in the second phase. The virus attack has the characteristic of integration. Botnet is different, the control command of Botnet is issued by separate C&C server, and the attack and invasion are completed by the controlled hosts.

Botnet has many types of classification, and it can be divided into centralized Botnet and distributed Botnet according to different operating principles. The difference is that there is only one C&C server in the entire network platform for the centralized Botnet, and the infected nodes also communicate with each other in the distributed Botnet.

The attack process of the Botnet is mainly divided into six phases: in the first phase, Botnet will spread through various traditional viruses or worms; in the second phase, the Bot begins to download the entire Botnet program; in the third phase, the Bot contacts Botnet controller; in the fourth phase, the Bot is authenticated, and the authenticated Bot can join the Botnet group; in the fifth phase, C&C communication

### *Computer Security Threats*

between Botnet and Bot will start to receive information sent by the hacker; and in the sixth phase, the Botnet launches an attack based on commands sent by the hacker.

The Botnet is popular all over the world, which poses a huge threat to the global Internet and the Internet of Things. DDoS attack is still one of the largest Internet security threats in the world, and the DDoS attacks are mainly launched by Botnet.
