Botnet Attack Identification Based on SDN

  • Conference paper
Cyber Security, Cryptology, and Machine Learning (CSCML 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13301))

  • 894 Accesses

Abstract

The framework we propose is built on Virtual Security Functions (VSF), OpenFlow, Wazuh (an open-source security platform), Software-Defined Networking (SDN), Mininet, the POX controller, and virtual switches. Using the OpenFlow protocol in a virtualized SDN environment, we can analyse the entire data stream in the network. By creating virtual security functions for botnet identification, we can increase network security by blocking an attack at the time it is initiated. Network connections are monitored constantly, and when malicious activity is detected the POX controller blocks it. VSFs make the framework's capabilities available for protecting against different botnet attacks. Each security function can be activated concurrently for anomaly detection; all functions can run in parallel and identify anomalies through stream analysis of the OpenFlow table.

Corresponding author

Correspondence to Dobrin Dobrev.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Dimiter, A., Dobrev, D. (2022). Botnet Attack Identification Based on SDN. In: Dolev, S., Katz, J., Meisels, A. (eds) Cyber Security, Cryptology, and Machine Learning. CSCML 2022. Lecture Notes in Computer Science, vol 13301. Springer, Cham. https://doi.org/10.1007/978-3-031-07689-3_12

  • DOI: https://doi.org/10.1007/978-3-031-07689-3_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-07688-6

  • Online ISBN: 978-3-031-07689-3

  • eBook Packages: Computer Science (R0)
