DocumentCode
2933006
Title
BotCloud: Detecting botnets using MapReduce
Author
Francois, Jerome ; Wang, Shaonan ; Bronzi, Walter ; State, Radu ; Engel, Thomas
Author_Institution
Interdiscipl. Center for Security, Univ. of Luxembourg, Luxembourg City, Luxembourg
fYear
2011
fDate
Nov. 29 2011-Dec. 2 2011
Firstpage
1
Lastpage
6
Abstract
Botnets are a major threat to the current Internet. Understanding the novel generation of botnets relying on peer-to-peer networks is crucial for mitigating this threat. Nowadays, botnet traffic is mixed with a huge volume of benign traffic due to almost ubiquitous high-speed networks. Such networks can be monitored using IP flow records, but their forensic analysis forms the major computational bottleneck. We propose in this paper a distributed computing framework that leverages a host dependency model and an adapted PageRank [1] algorithm. We report experimental results from an open-source based Hadoop cluster [2] and highlight the performance benefits when using real network traces from an Internet operator.
Keywords
IP networks; Internet; computer network security; distributed processing; peer-to-peer computing; telecommunication traffic; BotCloud; IP flow record; Internet; MapReduce; adapted PageRank algorithm; botnet traffic; botnets detection; distributed computing; forensic analysis; host dependency model; open-source based Hadoop cluster; peer-to-peer network; ubiquitous high speed network; Cloud computing; Clustering algorithms; Forensics; IP networks; Peer to peer computing; Topology;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Forensics and Security (WIFS), 2011 IEEE International Workshop on
Conference_Location
Iguacu Falls
Print_ISBN
978-1-4577-1017-9
Electronic_ISBN
978-1-4577-1018-6
Type
conf
DOI
10.1109/WIFS.2011.6123125
Filename
6123125