JISE




Journal of Information Science and Engineering, Vol. 33 No. 3, pp. 807-821


An SDN-based Sampling System for Cloud P2P Bots Detection


JIANG-YONG SHI1, JIE HE2,+ AND YUE-XIANG YANG1
1School of Computer
National University of Defense Technology
Changsha, 410072 P.R. China

2Department of Information Engineering
Officers College of PAP
Chengdu, 610213 P.R. China
E-mail: {shijiangyong; yyx}@nudt.edu.cn; jack.237@163.com


Cloud network monitoring is crucial to protecting cloud security. Because the traffic volume is huge and the network structure changes dynamically, collaborative attacks such as P2P botnets are hard to monitor. This paper presents a two-stage sampling system based on SDN that extracts security-related packets from the vast cloud traffic, thus reducing the performance cost. We implement a prototype of the sampling system to detect P2P bots in the cloud. The prototype is evaluated with real-world P2P botnet traffic. The experimental results demonstrate that our method can identify potential P2P bots quickly and accurately, with few false positives and high detection accuracy, at an acceptable performance cost.


Keywords: sampling, SDN, cloud, P2P botnet, security
