An intelligent botnet blocking approach in software defined networks using honeypots

Using a massive number of coordinated and distributed machines, botnets have become one of the most sophisticated cyber threats. However, software defined networking leads to more effective mitigation approaches by providing a flexible and dynamic way to control the network. Existing botnet detection approaches fail to detect unknown botnet threats and are time consuming. Facing these shortcomings motivates us to employ honeypots as a competent solution. We propose a novel blocking approach that uses honeypots to detect and efficiently prevent botnet propagation in software defined networks. This approach identifies the relationship among botnet members and intelligently blocks them. We also design and implement a deception system based on our blocking approach with two goals: reducing the botnet infection rate and wasting the adversary’s time. Experimental results, which are based on a real malware, show that our proposed system compared with current blocking approaches can reduce the infection rate up to 25% and increase the adversary’s wasted time by a factor of four. Our system also provides a satisfactory detection performance.