An Analysis of Botnet Attack for SMTP Server using Software Define Network (SDN) (技術と社会・倫理)

The SDN architecture improves on traditional network architectures by using software abstraction for centralized control of the entire network. It provides manageable network infrastructures that consist of millions of computing devices and software. In this work, we present a multi-domain SDN architecture integrated with a Spamhaus server. The proposed method allows SDN controllers to update the Spamhaus server with the latest detected spam signatures, which can help prevent spam email from entering other SDN domains. We also discuss a method for analyzing SMTP spam frames using a decision tree algorithm. We use the Mininet tool to simulate the multi-domain SDNs with the Spamhaus server. The simulation results show that the packet Retransmission Timeout (RTO) between server and client can help to detect SMTP spam frames.
