Title :
Botnet detection within cloud service provider networks using flow protocols
Author :
Mark Graham;Adrian Winckles;Erika Sanchez-Velazquez
Author_Institution :
Department of Computing and Technology, Anglia Ruskin University, Cambridge, United Kingdom
Date :
7/1/2015 12:00:00 AM
Abstract :
Botnets continue to remain one of the most destructive threats to cyber security. This work aims to detect botnet traffic within an abstracted virtualised infrastructure, such as is found within cloud service providers. To achieve this, an environment is created based on the Xen hypervisor, using Open vSwitch to export NetFlow Version 9. This paper provides experimental evidence for how flow export can capture network traffic parameters for identifying the presence of a command and control botnet within a virtualised infrastructure. The conceptual framework described within this paper presents a non-intrusive detection element for a botnet protection system for cloud service providers. Such a system could protect the type of virtualised environments that will form the building blocks for the Internet of Things.
Keywords :
"Bismuth","5G mobile communication"
Conference_Title :
Industrial Informatics (INDIN), 2015 IEEE 13th International Conference on
Electronic_ISBN :
2378-363X
DOI :
10.1109/INDIN.2015.7281975