Identifying Botnets: Classification and Detection

The past few years have witnessed the threats caused by the evolving of botnets. It has been found that the nefarious network consisting of contagious systems called as bots are operated by the botmaster. These botnets have been used for malicious activities. This prevailing threat on the internet has led to spam, Distributed Denial of Service (DDoS) attacks, phishing emails, and other cyber-attacks. The detection of such networks is very important keeping the protocols and features they work upon. The paper talks about the various detection techniques that can be adapted to evade the attacks of bots. The huge amount of traffic created by bots can be studied and distinguished respectively to understand the protocols used by the botmaster; which are further used to detect botnets based on the signature and anomaly patterns. The attacks being done from different locations have made it difficult for a botnet to be caught. It has been mentioned that a few networks provide the bots with a nickname using which the detection can be done. The method has been described thoroughly by also specifying how the bot-names of the same network are similar. Nowadays, the number of botnets has increased with a fewer number of trained bots. These network work upon the protocols like Command and Control (C&C), Internet Relay Chat (IRC), HyperText Transfer Protocol (HTTP) and Peer to Peer(P2P). The detection of such networks is being done classifying the traffic and analyzing the spam e-mails alongside the respected IP address. Even the traps of honeynet are developed which motivate the botmaster to take action and get caught. Such honeynet techniques along with the required steps and the necessary precautions are also mentioned in the paper.

Download Full-text

A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN)

Engineering, Technology & Applied Science Research ◽

10.48084/etasr.1840 ◽

2018 ◽

Vol 8 (2) ◽

pp. 2724-2730 ◽

Cited By ~ 2

Author(s):

M. H. H. Khairi ◽

S. H. S. Ariffin ◽

N. M. Abdul Latiff ◽

A. S. Abdullah ◽

M. K. Hassan

Keyword(s):

Anomaly Detection ◽

Network Architecture ◽

Denial Of Service ◽

Software Defined Network ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Detection Techniques ◽

And Control ◽

Entire Network

Software defined network (SDN) is a network architecture in which the network traffic may be operated and managed dynamically according to user requirements and demands. Issue of security is one of the big challenges of SDN because different attacks may affect performance and these attacks can be classified into different types. One of the famous attacks is distributed denial of service (DDoS). SDN is a new networking approach that is introduced with the goal to simplify the network management by separating the data and control planes. However, the separation leads to the emergence of new types of distributed denial-of-service (DDOS) attacks on SDN networks. The centralized role of the controller in SDN makes it a perfect target for the attackers. Such attacks can easily bring down the entire network by bringing down the controller. This research explains DDoS attacks and the anomaly detection as one of the famous detection techniques for intelligent networks.

Download Full-text

A SURVEY ON CLOUD-DENIAL OF SERVICE

American Journal of Advanced Computing ◽

10.15864/ajac.1205 ◽

2020 ◽

Vol 1 (2) ◽

pp. 1-5

Author(s):

Bibek Naha ◽

Siddhartha Banerjee ◽

Sayanti Mondal

Keyword(s):

Cloud Computing ◽

Comparative Study ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Cloud Environment ◽

Dos Attack ◽

Huge Amount ◽

Denial Of Service Attack ◽

Service Attack ◽

Insight Into

Cloud Computing is one of the most nurtured as well as debated topic in today’s world. Billions of data of various fields ranging from personal users to large business enterprises reside in Cloud. Therefore, availability of this huge amount of data and services is of immense importance. The DOS (Denial of Service) attack is a well-known threat to the availability of data in a smaller premise. Whenever, it’s a Cloud environment this simple DOS attack takes the form of DDOS (Distributed Denial of Service) attack. This paper provides a generic insight into the various kinds of DOS as well as DDOS attacks. Moreover, a handful of countermeasures have also been depicted here. In a nutshell, it aims at raising an awareness by outlining a clear picture of the Cloud availability issues.Our paper gives a comparative study of different techniques of detecting DOS.

Download Full-text

Proactively Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring

Lecture Notes in Computer Science - NETWORKING 2004. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications ◽

10.1007/978-3-540-24693-0_63 ◽

2004 ◽

pp. 771-782 ◽

Cited By ~ 47

Author(s):

Tao Peng ◽

Christopher Leckie ◽

Kotagiri Ramamohanarao

Keyword(s):

Denial Of Service ◽

Denial Of Service Attacks ◽

Distributed Denial Of Service ◽

Ip Address

Download Full-text

An Enhanced Way of Distributed Denial of Service Attack Detection by Applying Machine Learning Algorithms in Cloud Computing

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.9317 ◽

2020 ◽

Vol 17 (8) ◽

pp. 3765-3769

Author(s):

N. P. Ponnuviji ◽

M. Vigilson Prem

Keyword(s):

Machine Learning ◽

Cloud Computing ◽

Denial Of Service ◽

Learning Algorithms ◽

Attack Detection ◽

Machine Learning Algorithms ◽

Distributed Denial Of Service ◽

Detection Techniques ◽

Network Bandwidth ◽

Ddos Attack

Cloud Computing has revolutionized the Information Technology by allowing the users to use variety number of resources in different applications in a less expensive manner. The resources are allocated to access by providing scalability flexible on-demand access in a virtual manner, reduced maintenance with less infrastructure cost. The majority of resources are handled and managed by the organizations over the internet by using different standards and formats of the networking protocols. Various research and statistics have proved that the available and existing technologies are prone to threats and vulnerabilities in the protocols legacy in the form of bugs that pave way for intrusion in different ways by the attackers. The most common among attacks is the Distributed Denial of Service (DDoS) attack. This attack targets the cloud’s performance and cause serious damage to the entire cloud computing environment. In the DDoS attack scenario, the compromised computers are targeted. The attacks are done by transmitting a large number of packets injected with known and unknown bugs to a server. A huge portion of the network bandwidth of the users’ cloud infrastructure is affected by consuming enormous time of their servers. In this paper, we have proposed a DDoS Attack detection scheme based on Random Forest algorithm to mitigate the DDoS threat. This algorithm is used along with the signature detection techniques and generates a decision tree. This helps in the detection of signature attacks for the DDoS flooding attacks. We have also used other machine learning algorithms and analyzed based on the yielded results.

Download Full-text

MITIGATING SLOW HYPERTEXT TRANSFER PROTOCOL DISTRIBUTED DENIAL OF SERVICE ATTACKS IN SOFTWARE DEFINED NETWORKS

Journal of Information and Communication Technology ◽

10.32890/jict2021.20.3.1 ◽

2021 ◽

Vol 20 (Number 3) ◽

pp. 277-304

Author(s):

Oluwatobi Shadrach Akanji ◽

Opeyemi Aderiike Abisoye ◽

Mohammed Awwal Iliyasu

Keyword(s):

Genetic Algorithm ◽

Support Vector Machine ◽

Denial Of Service ◽

Receiver Operating Curve ◽

Support Vector ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Positive Rate ◽

Hypertext Transfer Protocol ◽

Transfer Protocol

Distributed Denial of Service (DDoS) attacks has been one of the persistent forms of attacks on information technology infrastructure connected to public networks due to the ease of access to DDoS attack tools. Researchers have been able to develop several techniques to curb volumetric DDoS which overwhelms the target with a large number of request packets. However, compared to slow DDoS, limited number of research has been executed on mitigating slow DDoS. Attackers have resorted to slow DDoS because it mimics the behaviour of a slow legitimate client thereby causing service unavailability. This paper provides the scholarly community with an approach to boosting service availability in web servers under slow Hypertext Transfer Protocol (HTTP) DDoS attacks through attack detection using Genetic Algorithm and Support Vector Machine which facilitates attack mitigation in a Software-Defined Networking (SDN) environment simulated in GNS3. Genetic algorithm was used to select the Netflow features which indicates the presence of an attack and also determine the appropriate regularization parameter, C, and gamma parameter for the Support Vector Machine classifier. Results obtained showed that the classifier had detection accuracy, Area Under Receiver Operating Curve (AUC), true positive rate, false positive rate and a false negative rate of 99.89%, 99.89%, 99.95%, 0.18%, and 0.05% respectively. Also, the algorithm for subsequent implementation of the selective adaptive bubble burst mitigation mechanism was presented. This study contributes to the ongoing research in detecting and mitigating slow HTTP DDoS attacks with emphasis on the use of machine learning classification and meta-heuristic algorithms.

Download Full-text

Intelligent Traffic Classification for Detecting DDoS Attacks using SDN/OpenFlow

10.26686/wgtn.17064107.v1 ◽

2021 ◽

Author(s):

◽

Jarrod Bakker

Keyword(s):

Denial Of Service ◽

Network Control ◽

Traffic Classification ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Network Information ◽

Ddos Attack ◽

Machine Learning Methods ◽

Attack Scenario ◽

And Control

<p>Distributed denial of service (DDoS) attacks utilise many attacking entities to prevent legitimate use of a resource via consumption. Detecting these attacks is often difficult when using a traditional networking paradigm as network information and control are not centralised. Software-Defined Networking is a recent paradigm that centralises network control, thus improving the ability to gather network information. Traffic classification techniques can leverage the gathered data to detect DDoS attacks.This thesis utilises nmeta2, a SDN-based traffic classification architecture, to study the effectiveness of machine learning methods to detect DDoS attacks. These methods are evaluated on a physical network testbed to demonstrate their application during a DDoS attack scenario.</p>

Download Full-text

Optimasi Keamanan Informasi Pendaftaran Event Menggunakan Teknologi Blockchain

Jurnal Ilmiah FIFO ◽

10.22441/fifo.2020.v12i1.007 ◽

2020 ◽

Vol 12 (1) ◽

pp. 74

Author(s):

Iqbal Busthomi ◽

Imam Riadi ◽

Rusydi Umar

Keyword(s):

Web Application ◽

Denial Of Service ◽

Cyber Attacks ◽

Data Consistency ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Registration Data ◽

Event System ◽

Start Up ◽

Cpu Usage

Abstract CV. Nyebar is an IT-based start-up that deals with event data management using a web-based application. The Event system provides account registration services as a Member and Organizer. Members of the Event System must first have an account and log-in to be able to register for the event. The process of registering events so far has not been properly secured. The event registration process will send registrant information, but the information sent has not been secured and validated first, so the Event System is still vulnerable to cyber-attacks including the registration data sniffing attack and Distributed Denial of Service (DDoS) attacks. DDoS attacks are carried out by sending messages and packet requests continuously to the business sector, hosting, social sites originating from bot at one time, resulting in overloaded network servers because of the resources (bandwidth, memory, and CPU usage) they have. the network server is used up. Blockchain which has three techniques/mechanisms including the use of hashes and proof-of-work mechanisms which can be an alternative security for event registration information because it can maintain information security, data consistency, and DDoS attacks.Keyword: Web Application, Distributed Denial of Service (DDoS), BlockchainAbstrak CV. Nyebar merupakan start-up berbasis IT yang bergelut dibidang pengelolaan data event menggunakan sebuah aplikasi berbasis web. Sistem Event menyediakan layanan pendaftaran akun sebagai Member dan Organizer. Member dari Sistem Event harus memiliki akun dan log-in terlebih dahulu untuk mendaftar sebuah event. Proses pendaftaran event sejauh ini belum diamankan dengan baik. Proses pendaftaran event akan mengirimkan informasi pendaftar, namun informasi yang dikirimkan belum diamanakan dan divalidasi terlebih dahulu, sehingga Sistem Event masih rentan akan serangan siber diantaranya adalah serangan sniffing data pendaftaran dan serangan Distributed Denial of Service (DDoS). Serangan DDoS dilakukan dengan mengirimkan pesan dan permintaan paket secara terus menerus kepada sektor bisnis, hosting, situs sosial yang berasal dari bot dalam satu waktu, sehingga mengakibatkan server jaringan menjadi overload karena sumber daya (bandwith, memory, dan CPU usage) yang dimiliki server jaringan habis terpakai. Blockchain yang memiliki dua teknik/mekanisme antara lain adalah penggunaan hash dan mekanisme proof-of-work, yang dapat menjadi alternatif pengamanan informasi pemdaftaran event karena dapat menjaga keamanan informasi, kekonsistenan data, dan serangan dari DDoS.Keyword: Aplikasi Web, Distributed Denial of Service (DDoS), Teknologi Blockchain

Download Full-text

ADAPTIVE ENTROPY-BASED DETECTION AND MITIGATION OF DDOS ATTACKS IN SOFTWARE DEFINED NETWORKS

International Journal of Computing ◽

10.47839/ijc.19.3.1889 ◽

2020 ◽

pp. 399-410

Author(s):

Jawad Dalou' ◽

Basheer Al-Duwairi ◽

Mohammad Al-Jarrah

Keyword(s):

Denial Of Service ◽

Attack Detection ◽

Point Of View ◽

Software Defined Networks ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Control Plane ◽

Data Plane ◽

And Control ◽

Sdn Controller

Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling between data plane and control plane providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of communication between control plane and data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks because overloading the controller with huge packet volume would result in bringing the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller which are compared to a preset entropy threshold values that change in adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.

Download Full-text

Analysis of different system to sustain against the botnet attack

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit206361 ◽

2020 ◽

pp. 262-271

Author(s):

Mr Rishikesh ◽

Kanika Thakur

Keyword(s):

Operating System ◽

Operating Systems ◽

Cyber Security ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Click Fraud ◽

Fair Comparison ◽

Distributed Platform ◽

Illegal Activities ◽

And Control

Among the various forms of malware, botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. In this article i have used a bot created from msfvenom , which is a popular tool from a penetration operating system Kali Linux and tested it in various operating system to view the power of sustenance among them. I have used some most popular operating systems which are generally used in banks, ATMs or by individuals. I have tested all the operating system with their default anti-virus and firewalls to make it a fair comparison.

Download Full-text

Proposed approach to detect distributed denial of service attacks in software defined network using machine learning algorithms

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.8.10488 ◽

2018 ◽

Vol 7 (2.8) ◽

pp. 472 ◽

Cited By ~ 1

Author(s):

Shruti Banerjee ◽

Partha Sarathi Chakraborty ◽

. .

Keyword(s):

Machine Learning ◽

Denial Of Service ◽

Learning Algorithms ◽

Machine Learning Algorithms ◽

Paper Machine ◽

Software Defined Network ◽

Distributed Denial Of Service ◽

Control Plane ◽

Data Plane ◽

And Control

SDN (Software Defined Network) is rapidly gaining importance of ‘programmable network’ infrastructure. The SDN architecture separates the Data plane (forwarding devices) and Control plane (controller of the SDN). This makes it easy to deploy new versions to the infrastructure and provides straightforward network virtualization. Distributed Denial-of-Service attack is a major cyber security threat to the SDN. It is equally vulnerable to both data plane and control plane. In this paper, machine learning algorithms such as Naïve Bayesian, KNN, K Means, K-Medoids, Linear Regression, use to classify the incoming traffic as usual or unusual. Above mentioned algorithms are measured using the two metrics: accuracy and detection rate. The best fit algorithm is applied to implement the signature IDS which forms the module 1 of the proposed IDS. Second Module uses open connections to state the exact node which is an attacker and to block that particular IP address by placing it in Access Control List (ACL), thus increasing the processing speed of SDN as a whole.

Download Full-text