Graham_et_al_2016.pdf (636.83 kB)
Practical Experiences of Building an IPFIX Based Open Source Botnet Detector
journal contribution
posted on 2023-07-26, 14:29, authored by Mark Graham, Adrian Winckles, Erika Sanchez

The academic study of flow-based malware detection has primarily focused on NetFlow v5 and v9. In 2013 IPFIX was ratified as the flow export standard. As part of a larger project to develop protection methods for Cloud Service Providers from botnet threats, this paper considers the challenges involved in designing an open source IPFIX-based botnet detection function. This paper describes how these challenges were overcome and presents an open source system built upon Xen hypervisor and Open vSwitch that is able to display botnet traffic within Cloud Service Provider-style virtualised environments. The system utilises Euler property graphs to display suspect "botnests". The conceptual framework presented provides a vendor-neutral, real-time detection mechanism for monitoring botnet communication traffic within cloud architectures and the Internet of Things.
History
Refereed: Yes
Volume: 1
Issue number: 1
Page range: 21-28
Publication title: Journal on Cybercrime and Digital Investigations
ISSN: 2494-2715
External DOI:
Publisher: CECyF
File version: Published version
Language: eng
Official URL:
Legacy posted date: 2018-11-28
Legacy creation date: 2018-11-28
Legacy Faculty/School/Department: ARCHIVED Faculty of Science & Technology (until September 2018)