BotGuard: Lightweight Real-Time Botnet Detection in Software Defined Networks

The distributed detection of botnets may induce heavy computation and communication costs to network devices. Each device in related scheme only has a regional view of Internet, so it is hard to detect botnet comprehensively. In this paper, we propose a lightweight real-time botnet detection framewo...

Full description

Saved in:
Bibliographic Details
Published in:Wuhan University journal of natural sciences 2017-04, Vol.22 (2), p.103-113
Main Authors: Chen, Jing, Cheng, Xi, Du, Ruiying, Hu, Li, Wang, Chiheng
Format: Article
Language:English
Subjects:
Biomedical and Life Sciences
Computer programs
Computer Science
Electronic devices
Life Sciences
Malware
Materials Science
Network topologies
Real time
Security of Network and Trust Computation
Software-defined networking
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The distributed detection of botnets may induce heavy computation and communication costs to network devices. Each device in related scheme only has a regional view of Internet, so it is hard to detect botnet comprehensively. In this paper, we propose a lightweight real-time botnet detection framework called Bot-Guard, which uses the global landscape and flexible configurability of software defined network (SDN) to identify botnets promptly. SDN, as a new network framework, can make centralized control in botnet detection, but there are still some challenges in such detections. We give a convex lens imaging graph (CLI-graph) to depict the topology characteristics of botnet, which allows SDN controller to locate attacks separately and mitigate the burden of network devices. The theoretical and experimental resuits prove that our scheme is capable of timely botnet detecting in SDNs with the accuracy higher than 90% and the delay less than 56 ms.
ISSN:1007-1202
1993-4998
DOI:10.1007/s11859-017-1223-8