Title :
BotCloud: Detecting botnets using MapReduce
Author :
Francois, Jerome ; Wang, Shaonan ; Bronzi, Walter ; State, Radu ; Engel, Thomas
Author_Institution :
Interdiscipl. Center for Security, Univ. of Luxembourg, Luxembourg City, Luxembourg
fDate :
Nov. 29 2011-Dec. 2 2011
Abstract :
Botnets are a major threat to the current Internet. Understanding the new generation of botnets relying on peer-to-peer networks is crucial for mitigating this threat. Nowadays, botnet traffic is mixed with a huge volume of benign traffic due to almost ubiquitous high-speed networks. Such networks can be monitored using IP flow records, but their forensic analysis forms the major computational bottleneck. In this paper we propose a distributed computing framework that leverages a host dependency model and an adapted PageRank [1] algorithm. We report experimental results from an open-source based Hadoop cluster [2] and highlight the performance benefits when using real network traces from an Internet operator.
Keywords :
IP networks; Internet; computer network security; distributed processing; peer-to-peer computing; telecommunication traffic; BotCloud; IP flow record; Internet; MapReduce; adapted PageRank algorithm; botnet traffic; botnets detection; distributed computing; forensic analysis; host dependency model; open-source based Hadoop cluster; peer-to-peer network; ubiquitous high speed network; Cloud computing; Clustering algorithms; Forensics; IP networks; Peer to peer computing; Topology;
Conference_Titel :
Information Forensics and Security (WIFS), 2011 IEEE International Workshop on
Conference_Location :
Iguacu Falls
Print_ISBN :
978-1-4577-1017-9
Electronic_ISBN :
978-1-4577-1018-6
DOI :
10.1109/WIFS.2011.6123125