COFFEE: a concept based on OpenFlow to filter and erase events of botnet activity at high-speed nodes

dc.contributor.author: Schehlmann, Lisa
dc.contributor.author: Baier, Harald
dc.contributor.editor: Horbach, Matthias
dc.date.accessioned: 2019-03-07T09:31:45Z
dc.date.available: 2019-03-07T09:31:45Z
dc.date.issued: 2013
dc.description.abstract: It is a great challenge to tackle the increasing threat of botnets to contemporary networks. The community developed a lot of approaches to detect botnets. Their fundamental idea differs and may be grouped according to the location (e.g., host-based, network-based), data sets (e.g., full network packets, packet header information), and algorithms (e.g., signature based, anomaly based). However, if applied to high-speed networks like nodes of an Internet service provider (ISP) currently proposed methods suffer from two drawbacks. First, the false positive rate is too high to be used in an operational environment. Second, mitigation and reaction is not addressed. In this paper we introduce COFFEE, our concept of a botnet detection and mitigation framework at large-scale networks. The overall goal of COFFEE is to keep operational costs to a minimum. The detection part of COFFEE comprises two phases: the first one processes the whole traffic to filter candidates of a command-and-control communication using NetFlow-based detection algorithms. In order to decrease the false positive rate, suspected network connections are inspected in more detail in the second phase. The second phase makes use of the concept of Software-Defined Networking (SDN), which is currently deployed in some networks. If the detection yields an alert, SDN again is used to react (e.g., to drop suspect connections). (en)
dc.identifier.isbn: 978-3-88579-614-5
dc.identifier.pissn: 1617-5468
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/20651
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik e.V.
dc.relation.ispartof: INFORMATIK 2013 – Informatik angepasst an Mensch, Organisation und Umwelt
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P-220
dc.title: COFFEE: a concept based on OpenFlow to filter and erase events of botnet activity at high-speed nodes (en)
dc.type: Text/Conference Paper
gi.citation.endPage: 2239
gi.citation.publisherPlace: Bonn
gi.citation.startPage: 2225
gi.conference.date: 16.-20. September 2013
gi.conference.location: Koblenz
gi.conference.sessiontitle: Regular Research Papers

Files

Original bundle
Name: 2225.pdf
Size: 289.79 KB
Format: Adobe Portable Document Format