JISE


  [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ]


Journal of Information Science and Engineering, Vol. 33 No. 3, pp. 807-821


An SDN-based Sampling System for Cloud P2P Bots Detection


JIANG-YONG SHI1, JIE HE2,+ AND YUE-XIANG YANG1
1School of Computer
National University of Defense Technology
Changsha, 410072 P.R. China

2Department of Information Engineering
Officers College of PAP
Chengdu, 610213 P.R. China
E-mail: {shijiangyong; yyx}@nudt.edu.cn; jack.237@163.com


Cloud network monitoring is a crucial problem in protecting cloud security. As the traffic is huge and the network structure is dynamically changing, it is hard to monitor collaborative attacks such as P2P botnets. This paper presents a two-stage sampling system based on SDN, which is able to extract security related packets from the vast cloud traffic thus reducing the performance cost. We implement a prototype of the sampling system to detect P2P bots in cloud. The prototype is evaluated with real-world P2P botnet traffics. The experimental results demonstrate that our method can identify potential P2P bots quickly and accurately with few false positives and high detection accuracy at an acceptable performance cost.


Keywords: ampling, SDN, cloud, P2P botnet, security

  Retrieve PDF document (JISE_201703_13.pdf)