Security and Communication Networks
Volume 2018 (2018), Article ID 4723862, 13 pages
https://doi.org/10.1155/2018/4723862
Research Article

Detecting P2P Botnet in Software Defined Networks

Department of Computer Science, National Chiao Tung University, Hsinchu 30050, Taiwan

Correspondence should be addressed to Shi-Chun Tsai; sctsai@cs.nctu.edu.tw

Received 21 January 2017; Revised 24 July 2017; Accepted 20 August 2017; Published 29 January 2018

Academic Editor: Jesús Díaz-Verdejo

Copyright © 2018 Shang-Chiuan Su et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. Z. Abaidy, M. Rezvani, and S. Jha, “MalwareMonitor: An SDN-based framework for securing large networks,” in Proceedings of the 2014 ACM CoNEXT Student Workshop, pp. 40–42, Australia, December 2014.
  2. S. S. C. Silva, R. M. P. Silva, R. C. G. Pinto, and R. M. Salles, “Botnets: A survey,” Computer Networks, vol. 57, no. 2, pp. 378–403, 2013.
  3. M. Stevanovic and J. M. Pedersen, “An efficient flow-based botnet detection using supervised machine learning,” in Proceedings of the International Conference on Computing, Networking and Communications (ICNC '14), pp. 797–801, IEEE, February 2014.
  4. S. Shin, Z. Xu, and G. Gu, “EFFORT: efficient and effective bot malware detection,” in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '12), pp. 2846–2850, Orlando, Fla, USA, March 2012.
  5. B. Rahbarinia, R. Perdisci, A. Lanzi, and K. Li, “PeerRush: Mining for unwanted P2P traffic,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics): Preface, vol. 7967, pp. 62–82, 2013.
  6. S. Guntuku, P. Narang, and C. Hota, “Real-time Peer-to-Peer Botnet Detection Framework based on Bayesian Regularized Neural Network,” CoRR 2013.
  7. M. Stevanovic and J. M. Pedersen, “Machine learning for identifying botnet network traffic,” Tech. Rep., Aalborg University, Aalborg, Denmark, 2013.
  8. P. Narang, S. Ray, C. Hota, and V. Venkatakrishnan, “PeerShark: Detecting peer-to-peer botnets by tracking conversations,” in Proceedings of the 2014 IEEE Computer Society's Security and Privacy Workshops, SPW 2014, pp. 108–115, USA, May 2014.
  9. S. Saad, I. Traore, A. Ghorbani et al., “Detecting P2P botnets through network behavior analysis and machine learning,” in Proceedings of the 9th Annual International Conference on Privacy, Security and Trust (PST '11), pp. 174–180, IEEE, Montreal, Canada, July 2011.
  10. X. Hu, M. Knysz, and K. G. Shin, “Measurement and analysis of global IP-usage patterns of fast-flux botnets,” in Proceedings of the IEEE INFOCOM 2011, pp. 2633–2641, China, April 2011.
  11. L. Bilge, D. Balzarotti, W. Robertson, E. Kirda, and C. Kruegel, “Disclosure: Detecting botnet command and control servers through large-scale NetFlow analysis,” in Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC 2012, pp. 129–138, USA, December 2012.
  12. F. Hu, Q. Hao, and K. Bao, “A survey on software-defined network and OpenFlow: from concept to implementation,” IEEE Communications Surveys & Tutorials, vol. 16, no. 4, pp. 2181–2206, 2014.
  13. Y. Jarraya, T. Madi, and M. Debbabi, “A survey and a layered taxonomy of software-defined networking,” IEEE Communications Surveys & Tutorials, vol. 16, no. 4, pp. 1955–1980, 2014.
  14. D. Kreutz, F. M. V. Ramos, P. E. Verissimo, C. E. Rothenberg, S. Azodolmolky, and S. Uhlig, “Software-defined networking: a comprehensive survey,” Proceedings of the IEEE, vol. 103, no. 1, pp. 14–76, 2015.
  15. N. McKeown, T. Anderson, H. Balakrishnan et al., “OpenFlow: enabling innovation in campus networks,” Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
  16. D. Kreutz, F. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN '13), pp. 55–60, Hong Kong, China, August 2013.
  17. A. Zaalouk, R. Khondoker, R. Marx, and K. Bayarou, “OrchSec: an orchestrator-based architecture for enhancing network-security using network monitoring and SDN control functions,” in Proceedings of Network Operations and Management Symposium (NOMS '14), pp. 1–9, IEEE, Krakow, Poland, May 2014.
  18. K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, and V. Maglaris, “Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments,” Computer Networks, vol. 62, pp. 122–136, 2014.
  19. “sFlow: Sampled flow,” http://www.sflow.org/.
  20. R. Braga, E. Mota, and A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in Proceedings of the 35th Annual IEEE Conference on Local Computer Networks (LCN '10), pp. 408–415, Denver, Colo, USA, October 2010.
  21. S.-C. Su, Detecting P2P Botnet in Software Defined Network, National Chiao Tung University, Hsinchu, Taiwan, 2015.
  22. J. Leonard, S. Xu, and R. Sandhu, “A framework for understanding botnets,” in Proceedings of the International Conference on Availability, Reliability and Security, ARES 2009, pp. 917–922, Japan, March 2009.
  23. “OpenFlow Switch Specification Version 1.3.0,” https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.3.0.pdf.
  24. “NETMATE: Network Measurement and Accounting System,” http://archive.li/6y1im.
  25. R. Alshammari and A. Nur Zincir-Heywood, “A flow based approach for SSH traffic detection,” in Proceedings of the 2007 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2007, pp. 296–301, Canada, October 2007.
  26. P. Narang, J. M. Reddy, and C. Hota, “Feature selection for detection of peer-to-peer botnet traffic,” in Proceedings of the 6th ACM India Computing Convention: Next Generation Computing Paradigms and Technologies, Compute 2013, India, August 2013.
  27. “scikit-learn: Machine Learning in Python,” http://scikit-learn.org/.
  28. “K Nearest Neighbor Algorithm,” http://en.wikipedia.org/wiki/K-nearest_neighbors_algorithm.
  29. “Representational State Transfer,” http://en.wikipedia.org/wiki/Representational_state_transfer.
  30. “OpenStack: Open source software for creating private and public clouds,” http://www.openstack.org/.
  31. “Libvirt: The virtualization API,” http://libvirt.org/.
  32. “KVM: A Full Virtualization Solution for Linux on x86 Hardware Containing Virtualization Extensions (Intel VT or AMD-V),” http://www.linux-kvm.org/page/Main_Page.
  33. “Open vSwitch: Production Quality, Multilayer Open Virtual Switch,” http://openvswitch.org/.
  34. “A Component-based Software Defined Networking Framework,” http://osrg.github.io/ryu/.
  35. “TcpReplay: Replay The Traffic Back Onto The Network,” http://tcpreplay.synfin.net/.
  36. “The Honeynet Project,” http://www.honeynet.org/project.
  37. R. Alshammari and A. N. Zincir-Heywood, “Machine learning based encrypted traffic classification: Identifying SSH and Skype,” in Proceedings of the IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, Canada, July 2009.
  38. M. Graham, A. Winckles, and E. Sanchez-Velazquez, “Botnet detection within cloud service provider networks using flow protocols,” in Proceedings of the 13th International Conference on Industrial Informatics, INDIN 2015, pp. 1614–1619, UK, July 2015.
  39. “SOT: combination of several existing publicly available malicious and non-malicious datasets,” ISOT Research Lab, http://www.uvic.ca/engineering/ece/isot/datasets/.
  40. N. Gude, T. Koponen, and J. Pettit, “NOX: towards an operating system for networks,” Computer Communication Review, vol. 38, no. 3, pp. 105–110, 2008.
  41. P. Phaal, “sFlow Specification Version 5,” 2004.
  42. U. Wijesinghe, U. Tupakula, and V. Varadharajan, “Botnet detection using software defined networking,” in Proceedings of the 2015 22nd International Conference on Telecommunications, ICT 2015, pp. 219–224, Australia, April 2015.
  43. Q. Yan, F. R. Yu, Q. X. Gong, and J. Q. Li, “Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges,” IEEE Communications Surveys & Tutorials, vol. 18, no. 1, pp. 602–622, 2016.