Botnet detection within cloud service provider networks using flow protocols

Graham, Mark; Winckles, Adrian; Sanchez-Velazquez, Erika

doi:10.1109/indin.2015.7281975

Cited by 12 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Count Based Filtering (D3) [38] Hop count and request frequency thresholds [34] TTL matching to detect IP spoofing [44] Request threshold for a human in unit time [71] Threshold on number of connections by a source [57] TTL probing to find genuine TTLs [42] Request count threshold by each source BotCloud Detection (D4) [72] Network/VMM checks to find attack VMs [73] CSP driven attack flow check and source trace [74] Bot detection in VMs using NetFlow [75] Hypervisor led collaborative egress detection [76] Virtual Machine Introspection (VMI)…”

Section: Source and Spoof Trace (D2)mentioning

confidence: 99%

“…Authors in [73] provide a solution where the cloud provider checks the traffic flow and perform the anomaly detection using source traceback techniques at the network. Authors in [74] provide a solution based on SDN approaches using Bot detection with the help of NetFlow protocol. Hypervisor based checks are used to detect the vulnerabilities in the guest VMs in [75] where collaborative egress detection technique is employed.…”

Section: Botcloud Detection (D4)mentioning

confidence: 99%

See 1 more Smart Citation

DDoS attacks in cloud computing: Issues, taxonomy, and future directions

Somani

Gaur

Sanghi

et al. 2017

Computer Communications

236

102

View full text Add to dashboard Cite

Security issues related to the cloud computing are relevant to various stakeholders for an informed cloud adoption decision. Apart from data breaches, the cyber security research community is revisiting the attack space for cloud-specific solutions as these issues affect budget, resource management, and service quality. Distributed Denial of Service (DDoS) attack is one such serious attack in the cloud space. In this paper, we present developments related to DDoS attack mitigation solutions in the cloud. In particular, we present a comprehensive survey with a detailed insight into the characterization, prevention, detection, and mitigation mechanisms of these attacks. Additionally, we present a comprehensive solution taxonomy to classify DDoS attack solutions. We also provide a comprehensive discussion on important metrics to evaluate various solutions. This survey concludes that there is a strong requirement of solutions, which are designed keeping utility computing models in mind. Accurate auto-scaling decisions, multi-layer mitigation, and defense using profound resources in the cloud, are some of the key requirements of the desired solutions. In the end, we provide a definite guideline on effective solution building and detailed solution requirements to help the cyber security research community in designing defense mechanisms. To the best of our knowledge, this work is a novel attempt to identify the need of DDoS mitigation solutions involving multi-level information flow and effective resource management during the attack.

show abstract

Section: Source and Spoof Trace (D2)mentioning

confidence: 99%

Section: Botcloud Detection (D4)mentioning

confidence: 99%

DDoS attacks in cloud computing: Issues, taxonomy, and future directions

Somani

Gaur

Sanghi

et al. 2017

Computer Communications

236

102

View full text Add to dashboard Cite

show abstract

“…Graham et al [38] experimented on how flow export could be used to capture network traffic parameters for identifying C&C server within a virtual machine of a cloud platform. They used NetFlow exported from virtual switches to detect C&C botnets within virtualized infrastructures.…”

Section: Network-based and Flow-based Botnet Detectionmentioning

confidence: 99%

Detecting P2P Botnet in Software Defined Networks

Chen

Tsai

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Software Defined Network separates the control plane from network equipment and has great advantage in network management as compared with traditional approaches. With this paradigm, the security issues persist to exist and could become even worse because of the flexibility on handling the packets. In this paper we propose an effective framework by integrating SDN and machine learning to detect and categorize P2P network traffics. This work provides experimental evidence showing that our approach can automatically analyze network traffic and flexibly change flow entries in OpenFlow switches through the SDN controller. This can effectively help the network administrators manage related security problems.

show abstract