AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Back To Schedule
Wednesday, June 25 • 16:45 - 17:35
Use of Netflow/IPFix Botnet Detection Tools to Determine Placement for Autonomous VM’s

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This paper describes a novel method of autonomously detecting malicious Botnet behaviour within a Cloud datacentre, while at the same time managing Virtual Machine (VM) placement in accordance to its findings, and it presents its implementation with the Scala programming language. A key feature of this method, using output from Netflow/IPFix, both of which are capable of producing detailed network traffic logs, is its capability of detecting unusual Client behaviour through the analysis of individual data packet information.

It has been implemented as a module of an Autonomous Management Distributed System (AMDS) presented in [Dinita, R. I., Wilson, G., Winckles, A., Cirstea, M., Rowsell, T. (2013)], giving it direct access to all the VMs and Hypervisors on the Cloud network. As such, another key feature is that it can have an immediate and effective impact on network security in a Botnet attack context by issuing lockout commands to every networked VM through the AMDS. A proof of concept has been developed and is currently running successfully on the authors’ test bed. 


Razvan-Ioan Dinita

PhD research student and Lecturer, Anglia Ruskin University
Razvan-Ioan Dinita has received a degree in Computer Science and Internet Technology from Anglia Ruskin University of Cambridge, UK. He is currently a PhD research student in Cloud Computing and a Lecturer in Computer Science and Cloud Computing at Anglia Ruskin University. His research... Read More →

Wednesday June 25, 2014 16:45 - 17:35 BST

Attendees (0)