SURVEY OF BOTNETS AND DETECTION TOOLS

Author(s):  
VIVEK ARYA ◽  
ASHISH CHAUHAN

A botnet, meaning bot network, is a collection of infected computers under the command and control of a single individual known as a botmaster. Botnets are a current threat to the Internet community and have recently been the root cause of many Internet attacks. Attacks including spamming, distributed denial of service, phishing, click fraud, hosting of illegal material and keylogging are carried out by attackers using botnets. Botnets are becoming more efficient and more elaborate with time, and their use is growing rapidly. In this paper a detailed study of botnets is presented: their topologies, rallying mechanisms, the communication protocols they use, and detection mechanisms at both the network and host level.

Author(s):  
Mr Rishikesh ◽  
Kanika Thakur

Among the various forms of malware, botnets are emerging as the most serious threat to cyber-security, as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing and click fraud. The defining characteristic of botnets is their use of command and control channels, through which they can be updated and directed. In this article I have used a bot created with msfvenom, which is a popular tool from the penetration-testing operating system Kali Linux, and tested it on various operating systems to view the power of sustenance among them. I have used some of the most popular operating systems, which are generally used in banks, ATMs or by individuals. I have tested all the operating systems with their default anti-virus and firewalls to make it a fair comparison.


2021 ◽  
Author(s):  
Jarrod Bakker

Distributed denial of service (DDoS) attacks utilise many attacking entities to prevent legitimate use of a resource by consuming it. Detecting these attacks is often difficult when using a traditional networking paradigm, as network information and control are not centralised. Software-Defined Networking is a recent paradigm that centralises network control, thus improving the ability to gather network information. Traffic classification techniques can leverage the gathered data to detect DDoS attacks. This thesis utilises nmeta2, an SDN-based traffic classification architecture, to study the effectiveness of machine learning methods for detecting DDoS attacks. These methods are evaluated on a physical network testbed to demonstrate their application during a DDoS attack scenario.


The past few years have witnessed the threats caused by the evolution of botnets. A botnet is a malicious network of compromised systems, called bots, operated by a botmaster. These botnets have been used for malicious activities; this prevailing threat on the Internet has led to spam, Distributed Denial of Service (DDoS) attacks, phishing emails and other cyber-attacks. Detecting such networks is very important, and depends on the protocols and features they operate on. The paper discusses the various detection techniques that can be adopted to counter bot attacks. The huge amount of traffic created by bots can be studied and classified to understand the protocols used by the botmaster, which are then used to detect botnets based on signatures and anomaly patterns. Attacks launched from many different locations have made it difficult for a botnet to be caught. It is noted that some networks assign their bots a nickname, which can be used for detection; the method is described thoroughly, including how the bot names within one network resemble each other. Nowadays the number of botnets has increased while the number of bots in each has decreased. These networks communicate over command and control (C&C) channels built on protocols such as Internet Relay Chat (IRC), HyperText Transfer Protocol (HTTP) and peer-to-peer (P2P). Such networks are detected by classifying traffic and by analyzing spam e-mails alongside the associated IP addresses. Honeynet traps are also developed, which lure the botmaster into taking action and being caught. Such honeynet techniques, along with the required steps and the necessary precautions, are also covered in the paper.


2020 ◽  
pp. 399-410
Author(s):  
Jawad Dalou' ◽  
Basheer Al-Duwairi ◽  
Mohammad Al-Jarrah

Software Defined Networking (SDN) has emerged as a new networking paradigm based on decoupling the data plane from the control plane, providing several benefits that include flexible, manageable and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities associated with the nature of the communication between the control plane and the data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks, because overloading the controller with a huge packet volume would bring the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with a huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of the source and destination IP addresses of the flows observed by the SDN controller, which are compared to preset entropy threshold values that change adaptively based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.
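To make the entropy idea concrete, here is an added example (not the authors' implementation) of a per-window detector over (source IP, destination IP) flow records of the kind a controller collects. Destination entropy collapses when many flows converge on one victim and source entropy jumps when sources are spoofed; both are compared against an adaptive baseline. The flow generators, the EWMA baseline and every threshold value are assumptions made for the example.

```python
import math
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# A flow is reduced to (src_ip, dst_ip); in an SDN these would come from the
# packet-in events or flow statistics the controller collects per time window.
Flow = Tuple[str, str]


def shannon_entropy(values: Sequence[str]) -> float:
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def normalized_entropy(values: Sequence[str]) -> float:
    """Entropy divided by its maximum log2(n), so windows of different sizes are
    comparable: 1.0 means every address is distinct, 0.0 a single address."""
    n = len(values)
    if n <= 1:
        return 0.0
    return shannon_entropy(values) / math.log2(n)


class AdaptiveEntropyDetector:
    """Per-window detector. A window is flagged when destination entropy drops
    more than `k` standard deviations below its running baseline or source
    entropy rises more than `k` above it. The baseline is an EWMA of mean and
    variance updated only from windows judged benign, so an ongoing attack does
    not pull the threshold towards itself. All parameters are assumptions."""

    def __init__(self, alpha: float = 0.2, k: float = 3.0,
                 min_std: float = 0.02, warmup: int = 3):
        self.alpha, self.k, self.min_std, self.warmup = alpha, k, min_std, warmup
        self.seen = 0                      # benign windows absorbed so far
        self.mean = {"src": 0.0, "dst": 0.0}
        self.var = {"src": 0.0, "dst": 0.0}

    def thresholds(self) -> Dict[str, float]:
        # min_std keeps a very stable baseline from becoming a hair trigger
        std = {key: max(math.sqrt(v), self.min_std) for key, v in self.var.items()}
        return {"dst_low": self.mean["dst"] - self.k * std["dst"],
                "src_high": self.mean["src"] + self.k * std["src"]}

    def _update(self, key: str, x: float) -> None:
        if self.seen == 0:                 # first window seeds the baseline
            self.mean[key], self.var[key] = x, 0.0
            return
        diff = x - self.mean[key]
        incr = self.alpha * diff
        self.mean[key] += incr
        self.var[key] = (1 - self.alpha) * (self.var[key] + diff * incr)

    def observe(self, flows: Sequence[Flow]) -> Dict[str, object]:
        srcs = [s for s, _ in flows]
        dsts = [d for _, d in flows]
        h_src, h_dst = normalized_entropy(srcs), normalized_entropy(dsts)
        thr = self.thresholds()
        warmed = self.seen >= self.warmup
        attack = warmed and (h_dst < thr["dst_low"] or h_src > thr["src_high"])
        result: Dict[str, object] = {"h_src": h_src, "h_dst": h_dst,
                                     "attack": attack, "victim": None}
        if attack:
            # Mitigation hook: the most-targeted destination is the candidate
            # victim for which the controller would push a rate-limit/drop rule.
            result["victim"] = Counter(dsts).most_common(1)[0][0]
        else:
            self._update("src", h_src)
            self._update("dst", h_dst)
            self.seen += 1
        return result


def benign_window(n: int = 40) -> List[Flow]:
    """Constructed benign traffic: 8 clients spread evenly over 5 servers."""
    return [(f"10.0.1.{i % 8}", f"10.0.0.{i % 5}") for i in range(n)]


def attack_window(n_spoofed: int = 160) -> List[Flow]:
    """Constructed flood window: never-repeating spoofed sources all aimed at
    10.0.0.5, mixed with a normal share of benign flows."""
    return benign_window() + [(f"203.0.113.{i}", "10.0.0.5") for i in range(n_spoofed)]


def demo() -> List[Dict[str, object]]:
    """Five benign windows, one attack window, then one benign window."""
    det = AdaptiveEntropyDetector()
    results = [det.observe(benign_window()) for _ in range(5)]
    results.append(det.observe(attack_window()))
    results.append(det.observe(benign_window()))
    return results


if __name__ == "__main__":
    for i, r in enumerate(demo()):
        print(f"window {i}: H_src={r['h_src']:.3f} H_dst={r['h_dst']:.3f} "
              f"attack={r['attack']} victim={r['victim']}")
```

Two details matter in practice: normalising by log2(n) keeps a quiet window and a busy window on the same scale, and freezing the baseline while a window is flagged is what stops a sustained flood from becoming the new normal. The warm-up windows are trusted unconditionally, so the detector must be started on traffic known to be clean.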


2018 ◽  
Vol 7 (2.8) ◽  
pp. 472 ◽  
Author(s):  
Shruti Banerjee ◽  
Partha Sarathi Chakraborty ◽  

SDN (Software Defined Network) is rapidly gaining importance as a 'programmable network' infrastructure. The SDN architecture separates the data plane (forwarding devices) from the control plane (the SDN controller). This makes it easy to deploy new versions of the infrastructure and provides straightforward network virtualization. Distributed denial-of-service attack is a major cyber-security threat to SDN, whose data plane and control plane are equally vulnerable. In this paper, machine learning algorithms such as Naïve Bayes, KNN, K-Means, K-Medoids and linear regression are used to classify incoming traffic as usual or unusual. These algorithms are measured using two metrics: accuracy and detection rate. The best-fitting algorithm is applied to implement the signature IDS, which forms module 1 of the proposed IDS. The second module uses open connections to identify the exact node that is an attacker and blocks that particular IP address by placing it in an Access Control List (ACL), thus increasing the processing speed of the SDN as a whole.
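As an added example serving both this abstract and the nmeta2 thesis above (it is not code from either work), the block below trains a small k-nearest-neighbours classifier on constructed per-source flow features, scores it with the two metrics named here (accuracy and detection rate, the latter being the true-positive rate on attack traffic), and then does what the second module describes: counts half-open connections per source and emits drop entries for the offenders. The feature set, all sample points, the connection snapshot and the rule layout are assumptions.

```python
import math
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Feature vector per (source, time window): packets per second, fraction of
# packets that are bare SYNs, distinct destination ports touched.
Sample = Tuple[List[float], str]   # (features, "usual" | "unusual")

# Constructed, hand-picked training points (not data from the paper).
TRAIN: List[Sample] = [
    ([40.0, 0.08, 3.0], "usual"), ([55.0, 0.12, 4.0], "usual"),
    ([30.0, 0.05, 2.0], "usual"), ([70.0, 0.15, 5.0], "usual"),
    ([90.0, 0.10, 6.0], "usual"),
    ([4000.0, 0.97, 1.0], "unusual"), ([6500.0, 0.99, 1.0], "unusual"),
    ([3000.0, 0.92, 2.0], "unusual"), ([8000.0, 0.95, 1.0], "unusual"),
    ([2500.0, 0.90, 1.0], "unusual"),
]

# Constructed held-out set; the last point is a deliberately slow, low-volume
# flood that sits close to benign traffic and will be missed.
TEST: List[Sample] = [
    ([45.0, 0.09, 3.0], "usual"), ([80.0, 0.14, 4.0], "usual"),
    ([120.0, 0.30, 8.0], "usual"),
    ([5000.0, 0.96, 1.0], "unusual"), ([1500.0, 0.85, 1.0], "unusual"),
    ([300.0, 0.50, 2.0], "unusual"),
]


class KNN:
    """Plain k-nearest-neighbours with min-max scaling fitted on the training
    data. Without scaling the packets-per-second column would dominate the
    Euclidean distance and the other two features would be ignored."""

    def __init__(self, k: int = 3):
        self.k = k
        self.lo: List[float] = []
        self.hi: List[float] = []
        self.points: List[Tuple[List[float], str]] = []

    def _scale(self, x: Sequence[float]) -> List[float]:
        return [(v - lo) / (hi - lo) if hi > lo else 0.0
                for v, lo, hi in zip(x, self.lo, self.hi)]

    def fit(self, data: Sequence[Sample]) -> "KNN":
        cols = list(zip(*(x for x, _ in data)))
        self.lo = [min(c) for c in cols]
        self.hi = [max(c) for c in cols]
        self.points = [(self._scale(x), y) for x, y in data]
        return self

    def predict(self, x: Sequence[float]) -> str:
        sx = self._scale(x)
        nearest = sorted(self.points, key=lambda p: math.dist(p[0], sx))[: self.k]
        return Counter(y for _, y in nearest).most_common(1)[0][0]


def evaluate(model: KNN, data: Sequence[Sample],
             positive: str = "unusual") -> Dict[str, float]:
    """Accuracy = all correct / all samples; detection rate = attacks caught /
    all attacks. They diverge exactly when the classifier misses attacks while
    getting the benign majority right, which is why both are reported."""
    tp = fn = correct = 0
    for x, y in data:
        pred = model.predict(x)
        correct += pred == y
        if y == positive:
            tp += pred == positive
            fn += pred != positive
    return {"accuracy": correct / len(data),
            "detection_rate": tp / (tp + fn) if tp + fn else 0.0}


# Module 2: constructed snapshot of open connections on the protected host as
# (src_ip, dst_ip, dst_port, state). One source holds many half-open (SYN_RECV)
# connections, the footprint of a SYN flood; 10.0.0.8 is merely mid-handshake.
OPEN_CONNECTIONS: List[Tuple[str, str, int, str]] = (
    [("203.0.113.9", "10.0.0.100", 80, "SYN_RECV")] * 50
    + [("10.0.0.7", "10.0.0.100", 443, "ESTABLISHED")] * 3
    + [("10.0.0.8", "10.0.0.100", 80, "SYN_RECV")] * 2
)


def find_attackers(conns: Sequence[Tuple[str, str, int, str]],
                   half_open_limit: int = 20) -> List[str]:
    """Sources holding at least `half_open_limit` half-open connections (limit is an assumption)."""
    half_open = Counter(src for src, _, _, state in conns if state == "SYN_RECV")
    return sorted(src for src, n in half_open.items() if n >= half_open_limit)


def acl_rules(attackers: Sequence[str]) -> List[Dict[str, object]]:
    """OpenFlow-style drop entries (empty action list) a controller would push;
    the dict layout is illustrative, not any specific controller's API."""
    return [{"priority": 1000, "match": {"eth_type": 0x0800, "ipv4_src": ip},
             "actions": []} for ip in attackers]


if __name__ == "__main__":
    model = KNN(k=3).fit(TRAIN)
    print(evaluate(model, TEST))
    print(acl_rules(find_attackers(OPEN_CONNECTIONS)))
```

On the constructed held-out set the classifier gets five of six samples right (accuracy 0.83) but catches only two of the three attacks (detection rate 0.67), because the slow flood lands among benign neighbours after scaling; that gap is the reason the abstract reports both metrics rather than accuracy alone. The ACL step keys on half-open connection counts, so it identifies a flooding source even when the classifier's window-level verdict is ambiguous, and it would have to be paired with an expiry so a blocked address is eventually re-evaluated.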


2018 ◽  
Vol 8 (2) ◽  
pp. 2724-2730 ◽  
Author(s):  
M. H. H. Khairi ◽  
S. H. S. Ariffin ◽  
N. M. Abdul Latiff ◽  
A. S. Abdullah ◽  
M. K. Hassan

Software defined network (SDN) is a network architecture in which network traffic may be operated and managed dynamically according to user requirements and demands. Security is one of the big challenges of SDN, because different attacks may affect its performance, and these attacks can be classified into different types. One of the best-known attacks is distributed denial of service (DDoS). SDN is a new networking approach introduced with the goal of simplifying network management by separating the data and control planes. However, the separation leads to the emergence of new types of DDoS attacks on SDN networks. The centralized role of the controller in SDN makes it a perfect target for attackers: such attacks can easily bring down the entire network by bringing down the controller. This research explains DDoS attacks and anomaly detection, one of the best-known detection techniques for intelligent networks.


Author(s):  
Esraa Alomari ◽  
Selvakumar Manickam ◽  
B. B. Gupta ◽  
Mohammed Anbar ◽  
Redhwan M. A. Saad ◽  
...  

A botnet can be used to launch a cyber-attack, such as a Distributed Denial of Service (DDoS) attack, against a target, or to conduct a cyber-espionage campaign to steal sensitive information. This survey analyzes and compares the most important efforts in the application-based detection area, and extends to cover mitigation approaches for botnet-based DDoS flooding attacks. It accomplishes four tasks: first, an extensive illustration of Internet security; second, an extensive comparison between representative detection mechanisms; third, a comparison between the mitigation mechanisms against botnet-based DDoS flooding; and fourth, a description of the most important problems and highlights in the area. We conclude that the area has achieved great advances so far, but there are still many open problems.

