Figure 2
A botnet is one of the major threats to cloud computing. The term is a
combination of two words: ‘Bot’, which stands for robot, and ‘Net’,
which stands for network. A botnet is a network of computer systems
that are infected and controlled by a human botmaster or bot herder
[1]. With the assistance of C&C servers, the botmaster regulates the
infected equipment remotely. Once a node is infected with malicious
scripts or code, it joins the botnet as directed in the code and
operates for the botmaster without the user's knowledge. The botnet
also proliferates and infects a large number of devices. The attackers
carry out numerous criminal operations such as DDoS, click fraud,
phishing, spamming, traffic sniffing, and spreading botnet malware.
Botnets are categorized as IRC, P2P, HTTP and hybrid botnets based on
the C&C channel [2].
Present botnet detection approaches fall into two primary groups for
identifying the attacks triggered by a botnet, namely honeynet-based
detection and intrusion detection systems [3]. Upon detection of the
botnet, threat reduction methods such as proactive and reactive defense
techniques [4] are used to remediate botnet-caused infections. To
safeguard the cloud network, it is essential to identify botnets in
their early phases and stop the attacks that they cause.
The behavior of a botnet in network systems, and the evaluation of that
behavior, helps predict the nature of its network attacks. Monitoring
this data leads to a distinction between two forms of analysis, active
and passive. Active analysis detects and deactivates the possible
malware [5].
Honeypots and honeynets are popular active analysis techniques used to
identify botnets. Honeypots are vulnerabilities that are deliberately
implemented to detect intrusions and attacks in the cloud setting [6].
Honeypots are categorized into two kinds based on their emulation
ability: high-interaction and low-interaction. In a high-interaction
honeypot, nearly all features of the actual working system are
simulated. Only the recognized ports and protocols are answered [7].
A low-interaction honeypot simulates only the main characteristics of
the actual operating system. A high-interaction honeypot enables
attackers to achieve complete control of the operating system, while a
low-interaction honeypot restricts attackers from gaining complete
control of the operating system because its characteristics are
restricted [8].
Honeypots of different sizes are merged into a honeynet in the cloud
network. Critical issues with honeynets include restricted scalability,
an inability to detect internet attacks, the ability to monitor
malicious operations only when interacting with them, and difficulties
in the discovery of infected devices; systems that are impacted by
honeybots are not monitored. In addition, only the expected infected
machines are recorded [9].
The honeywall is the entry and departure point for all the network
traffic of the honeypot. The honeywall controls and analyzes all the
network traffic that arrives at and leaves the honeynet or honeypot
system. The network traffic gathered assists the honeywall in its
assessment process. The C&C server IP address, port address,
authentication password, and connecting botnet channel name are
determined through the honeywall's information capture capacity [10].
Passive analysis inspects the botnet-generated traffic without
corrupting or changing the messages. It primarily analyzes the
secondary effects of botnet traffic. The advantage of the passive
method of analysis is that the detection activity cannot be perceived
by the botmasters. Passive analysis techniques are very difficult to
deploy in the cloud setting [11]. Thus, to overcome all the
above-mentioned issues, we propose a robust network traffic analyzer to
efficiently analyze and identify the botmaster who influences the
botnet attack in the cloud network.
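The honeywall capture described above (C&C server IP address, port, authentication password and channel name) can be illustrated for the IRC botnet class with the sketch below. It is an added example, not part of the proposed analyzer; the log layout, the sample records and the function name `extract_cnc` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed honeywall log of outbound honeypot traffic (not real data).
# Addresses come from the RFC 5737 documentation ranges.
CAPTURE = """\
10.0.0.5:49152 -> 192.0.2.10:6667 PASS example-pass
10.0.0.5:49152 -> 192.0.2.10:6667 NICK bot-1234
10.0.0.5:49152 -> 192.0.2.10:6667 USER x 0 * :x
10.0.0.5:49152 -> 192.0.2.10:6667 JOIN #example-chan,#backup example-key
10.0.0.5:49160 -> 198.51.100.7:80 GET /index.html HTTP/1.1
10.0.0.9:50100 -> 203.0.113.4:6667 PASS unused-pass
"""

# Assumed record layout: "src_ip:src_port -> dst_ip:dst_port payload"
RECORD = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) (.+)$")


def extract_cnc(capture):
    """Map (server_ip, port) -> password, channels and bots seen logging in."""
    servers = defaultdict(
        lambda: {"password": None, "channels": {}, "bots": set()})
    for line in capture.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # malformed or empty record
        src_ip, _, dst_ip, dst_port, payload = m.groups()
        cmd, *args = payload.split()
        if cmd.upper() not in ("PASS", "JOIN") or not args:
            continue  # only login-related IRC commands carry these fields
        entry = servers[(dst_ip, int(dst_port))]
        entry["bots"].add(src_ip)
        if cmd.upper() == "PASS":
            entry["password"] = args[0]
        else:
            # JOIN takes comma-separated channels and optional matching keys
            chans = args[0].split(",")
            keys = args[1].split(",") if len(args) > 1 else []
            for i, chan in enumerate(chans):
                entry["channels"][chan] = keys[i] if i < len(keys) else None
    # A PASS alone is weak evidence; report only servers where a channel
    # was joined, i.e. where the full C&C login pattern was observed.
    return {k: v for k, v in servers.items() if v["channels"]}


if __name__ == "__main__":
    for server, info in extract_cnc(CAPTURE).items():
        print(server, info)
```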
The remainder of the paper is organized as follows: Section 2 describes
the papers that deal with security and attacks in the cloud
environment; our contribution, i.e., the proposed work, is discussed in
Section 3; Section 4 presents the results and output of our proposed
work; finally, the overall work is concluded in Section 5.