Title: A collaborative botnets suppression system based on overlay network

Authors: Fuye Han; Zhen Chen; HongFeng Xu; Haopei Wang; Yong Liang

Addresses: Department of Computer Science and Technologies, Tsinghua National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing, China; Research Institute of Information Technology (RIIT), Tsinghua National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing, China; Department of Computer Science and Technologies, Tsinghua National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing, China; Department of Automation, Tsinghua National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing, China; Department of Computer Science and Technologies, Tsinghua National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing, China

Abstract: Botnets are extremely versatile programs used in many network attacks, such as sending large volumes of spam or launching Distributed Denial-of-Service (DDoS) attacks. Botnets can switch command-and-control servers automatically, which makes completely suppressing them very challenging. In this paper, we present a collaborative botnet suppression system based on an overlay network, with one control center node and several suppression nodes. The suppression nodes automatically collect network traffic information and deploy suppression rules; the control center node gathers all collected data and processes it with a botnet detection algorithm. Once botnets are detected, the control center node generates and distributes suppression rules. In order to prevent excessive growth of the rule set, the system automatically identifies and removes invalid rules through an efficient feedback mechanism.
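The following toy model illustrates the architecture the abstract describes: suppression nodes forward traffic observations to a control centre, the centre runs detection and pushes suppression rules back, and rules that no node reports hits for within a window are withdrawn so the rule set does not grow without bound. This is an added example, not code from the paper. The paper does not specify its detection algorithm or the exact feedback mechanism, so the "several distinct internal hosts contacting one endpoint" heuristic and the idle-timeout expiry below are assumptions, and all addresses and flows are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    src: str    # internal host that opened the connection (constructed)
    dst: str    # remote endpoint it contacted (constructed)
    port: int


@dataclass
class Rule:
    rule_id: int
    dst: str
    port: int
    last_hit: float   # time of the most recent matching flow reported by any node
    hits: int = 0


def detect_candidates(flows, min_sources=3):
    """Hypothetical detector (assumption, not the paper's algorithm): a (dst, port)
    contacted by at least `min_sources` distinct internal hosts across the overlay
    is treated as a suspected command-and-control endpoint."""
    sources = defaultdict(set)
    for f in flows:
        sources[(f.dst, f.port)].add(f.src)
    return sorted(k for k, s in sources.items() if len(s) >= min_sources)


class ControlCenter:
    def __init__(self, idle_ttl):
        self.idle_ttl = idle_ttl   # seconds a rule may go unmatched before removal (assumption)
        self.reports = []          # traffic gathered from all suppression nodes
        self.rules = {}            # rule_id -> Rule
        self._next_id = 1

    def collect(self, flows):
        self.reports.extend(flows)

    def detect_and_generate(self, now):
        """Run detection over the gathered traffic and return newly created rules."""
        known = {(r.dst, r.port) for r in self.rules.values()}
        new = []
        for dst, port in detect_candidates(self.reports):
            if (dst, port) not in known:
                rule = Rule(self._next_id, dst, port, last_hit=now)
                self.rules[rule.rule_id] = rule
                self._next_id += 1
                new.append(rule)
        self.reports.clear()
        return new

    def feedback(self, hit_counts, now):
        """A node reports how often each rule matched; this keeps live rules fresh."""
        for rule_id, n in hit_counts.items():
            if n > 0 and rule_id in self.rules:
                self.rules[rule_id].hits += n
                self.rules[rule_id].last_hit = now

    def prune(self, now):
        """Drop rules no node has matched within idle_ttl; return their ids."""
        stale = [rid for rid, r in self.rules.items() if now - r.last_hit > self.idle_ttl]
        for rid in stale:
            del self.rules[rid]
        return stale


class SuppressionNode:
    def __init__(self, name):
        self.name = name
        self.rules = {}   # rule_id -> Rule pushed by the control centre

    def install(self, rules):
        self.rules.update((r.rule_id, r) for r in rules)

    def remove(self, rule_ids):
        for rid in rule_ids:
            self.rules.pop(rid, None)

    def filter(self, flows):
        """Block flows matching an installed rule; return (passed flows, hits per rule)."""
        index = {(r.dst, r.port): r.rule_id for r in self.rules.values()}
        passed, hits = [], defaultdict(int)
        for f in flows:
            rid = index.get((f.dst, f.port))
            if rid is None:
                passed.append(f)
            else:
                hits[rid] += 1
        return passed, dict(hits)


def run_scenario():
    """Constructed traffic: three nodes each see one host contact 203.0.113.10:6667
    (documentation range), plus ordinary web traffic from fewer hosts."""
    center = ControlCenter(idle_ttl=600)
    nodes = [SuppressionNode(f"node{i}") for i in range(3)]
    traffic = {
        "node0": [Flow("10.0.0.1", "203.0.113.10", 6667), Flow("10.0.0.1", "198.51.100.5", 443)],
        "node1": [Flow("10.0.1.7", "203.0.113.10", 6667), Flow("10.0.1.8", "198.51.100.5", 443)],
        "node2": [Flow("10.0.2.3", "203.0.113.10", 6667)],
    }
    for n in nodes:                       # collection phase
        center.collect(traffic[n.name])
    new_rules = center.detect_and_generate(now=0.0)
    for n in nodes:                       # distribution phase
        n.install(new_rules)
    blocked = 0
    for n in nodes:                       # enforcement + feedback phase
        passed, hits = n.filter(traffic[n.name])
        blocked += len(traffic[n.name]) - len(passed)
        center.feedback(hits, now=60.0)
    pruned = center.prune(now=661.0)      # endpoint silent for > idle_ttl: rule withdrawn
    for n in nodes:
        n.remove(pruned)
    return {"generated": [(r.dst, r.port) for r in new_rules], "blocked": blocked,
            "pruned": pruned, "rules_left": len(center.rules) + sum(len(n.rules) for n in nodes)}


if __name__ == "__main__":
    print(run_scenario())
```

In the scenario the suspect endpoint is reached from three different hosts on three different nodes, so only it becomes a rule; the web endpoint, seen from two hosts, does not. Once the rule stops matching for longer than the idle window, the centre retires it and instructs the nodes to drop it, which is the feedback loop the abstract relies on to keep the rule set bounded.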

Keywords: botnets; botnet suppression; overlay networks; network security; collaboration; forensics; network attacks; botnet detection; suppression rules.

DOI: 10.1504/IJSN.2012.053459

International Journal of Security and Networks, 2012 Vol.7 No.4, pp.211 - 219

Published online: 25 Apr 2013
