BotGuard: Lightweight real-time botnet detection in software defined networks

  • Security of Network and Trust Computation
Wuhan University Journal of Natural Sciences

Abstract

Distributed botnet detection can impose heavy computation and communication costs on network devices, and each device in such schemes has only a regional view of the Internet, so it is hard to detect a botnet comprehensively. In this paper, we propose a lightweight real-time botnet detection framework called BotGuard, which uses the global view and flexible configurability of software defined networking (SDN) to identify botnets promptly. SDN, as a new network architecture, enables centralized control in botnet detection, but such detection still faces several challenges. We give a convex lens imaging graph (CLI-graph) to depict the topological characteristics of a botnet, which allows the SDN controller to locate attacks separately and reduce the burden on network devices. The theoretical and experimental results show that our scheme is capable of timely botnet detection in SDNs with accuracy higher than 90% and delay less than 56 ms.
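The abstract's central argument is that a single device sees only its own flows, while a controller that pools flow records from every switch can see a many-to-one pattern spanning the network. The following added example illustrates that point only; it is not code from the paper and does not implement the CLI-graph, which this page does not describe. The flow records, addresses, switch names, and thresholds are constructed assumptions for the demonstration.

```python
"""Regional view vs. global view for botnet detection (added illustration).

Each switch evaluates only the flows it forwards; the controller pools the
same records from all switches. A bot population spread across switches,
each host beaconing to one server, is invisible per switch but obvious
when aggregated. Data and thresholds below are constructed, not measured.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records, in the shape a controller could build from
# OpenFlow flow-stats replies: (switch, src_ip, dst_ip, dst_port, start_time_s).
# Hosts 10.0.N.x sit behind switch sN; 203.0.113.7 plays the C&C server.
C2 = "203.0.113.7"
BOTS = [("s1", "10.0.1.10"), ("s1", "10.0.1.11"), ("s2", "10.0.2.20"),
        ("s3", "10.0.3.30"), ("s4", "10.0.4.40"), ("s5", "10.0.5.50")]
FLOWS = []
for sw, bot in BOTS:
    for k in range(6):                       # beacon every 60 s, +1 s jitter on odd k
        FLOWS.append((sw, bot, C2, 6667, 100 + 60 * k + (k % 2)))
# Benign web traffic at irregular times, one or two flows per client.
for sw, host, t in [("s1", "10.0.1.12", 110), ("s2", "10.0.2.21", 133),
                    ("s2", "10.0.2.21", 300), ("s3", "10.0.3.31", 421)]:
    FLOWS.append((sw, host, "198.51.100.80", 443, t))


def fan_in(flows):
    """Map each destination to the set of distinct sources that contacted it."""
    srcs = defaultdict(set)
    for _sw, src, dst, _port, _t in flows:
        srcs[dst].add(src)
    return srcs


def per_switch_suspects(flows, min_clients=4):
    """Regional view: each switch sees only its own flows and flags a
    destination only if enough of *its* hosts contact it."""
    by_switch = defaultdict(list)
    for rec in flows:
        by_switch[rec[0]].append(rec)
    return {sw: {d for d, s in fan_in(recs).items() if len(s) >= min_clients}
            for sw, recs in by_switch.items()}


def beaconing(times, max_cv=0.1):
    """True when inter-arrival times are nearly constant, i.e. the
    coefficient of variation of the gaps is small (assumed cutoff 0.1)."""
    if len(times) < 3:
        return False
    ts = sorted(times)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return pstdev(gaps) / mean(gaps) <= max_cv


def controller_suspects(flows, min_clients=4, min_beacon_ratio=0.5):
    """Global view: the controller pools records from every switch and flags
    destinations that many hosts contact on a regular schedule. Returns
    {destination: sorted list of beaconing sources}."""
    starts = defaultdict(list)
    for _sw, src, dst, _port, t in flows:
        starts[(src, dst)].append(t)
    flagged = {}
    for dst, srcs in fan_in(flows).items():
        if len(srcs) < min_clients:
            continue
        beaconers = [s for s in srcs if beaconing(starts[(s, dst)])]
        if len(beaconers) / len(srcs) >= min_beacon_ratio:
            flagged[dst] = sorted(beaconers)
    return flagged


if __name__ == "__main__":
    print("per-switch view:", per_switch_suspects(FLOWS))   # every set empty
    print("controller view:", controller_suspects(FLOWS))   # C2 with six bots
```

With the constructed data, no switch sees more than two of its own hosts talking to the C&C address, so the regional check flags nothing; the controller, holding the same records from all five switches, sees six hosts beaconing to one destination at a near-constant interval and flags it. The fan-in and beaconing cutoffs are illustrative and would need tuning against real traffic.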

Corresponding author

Correspondence to Jing Chen.

Additional information

Foundation item: Supported by the National Natural Science Foundation of China (61272451, 61572380)

Biography: CHEN Jing, male, Ph.D., Professor, research direction: network security, cloud security

Cite this article

Chen, J., Cheng, X., Du, R. et al. BotGuard: Lightweight real-time botnet detection in software defined networks. Wuhan Univ. J. Nat. Sci. 22, 103–113 (2017). https://doi.org/10.1007/s11859-017-1223-8
