| Botnet has become a serious Internet security threat nowadays.The attack-countering of botnets is usually divided into two phases—detection and prevention,and detection which is the precondition of prevention is more important.In traditional network,detection schemes are deployed on multiple devices.This distributed detection of botnets may induce heavy computation and communication costs to network devices.Each device in related scheme only has a regional view of Internet,so it is hard to detect botnet comprehensively.In this paper,we propose a lightweight real-time botnet detection framework called BotGuard,which uses the global landscape and flexible configurability of software defined network(SDN)to identify botnets promptly.SDN,as a new network framework,can make centralized control in botnet detection,but there are still some challenges as lower detection efficiency in such detections.We use the graph theory and matching algorithm for detection and give a convex lens imaging graph(CLI-graph)to depict the topology characteristics of botnet,which allows SDN controller to locate attacks separately and mitigate the burden of network devices.The theoretical and experimental results prove that our scheme is capable of timely botnet detecting in SDNs with the accuracy higher than 90%and the delay less than 56 ms. |
PDF Full Text Request