Figure 2
Botnets are one of the major threats to cloud computing. The term combines two words: 'Bot', from robot, and 'Net', from network. A botnet is a network of infected computer systems controlled by a human botmaster, or bot herder [1]. With the assistance of command-and-control (C&C) servers, the botmaster controls the infected machines remotely. Once a node is infected with malicious scripts or code, it joins the botnet as directed in the code and operates for the botmaster without the user's knowledge. The botnet also proliferates and infects many more machines. Attackers use botnets to carry out numerous criminal operations such as DDoS, click fraud, phishing, spamming, traffic sniffing, and spreading botnet malware. Based on the C&C channel, botnets are categorized as IRC, P2P, HTTP and hybrid botnets [2].
Present botnet detection approaches fall into two primary groups for identifying the attacks triggered by a botnet: honeynet-based detection methods and intrusion detection systems [3]. Once a botnet is detected, threat mitigation methods such as proactive and reactive defense techniques [4] are used to remediate the infections it has caused. To safeguard the cloud network, it is essential to identify botnets in their initial phases and stop the attacks that they cause.
Observing a botnet's behaviour in network systems and evaluating that behaviour helps predict the nature of its network attacks. Monitoring this data leads to a distinction between two forms of analysis: active and passive. Active analysis detects and deactivates the possible malware [5].
Honeypots and honeynets are popular active analysis techniques used to identify botnets. Honeypots are deliberately vulnerable systems deployed to detect intrusions and attacks in the cloud setting [6]. Honeypots are categorized into two kinds based on their emulation ability: high-interaction and low-interaction. In a high-interaction honeypot, nearly all features of the actual working system are simulated. Only the recognized ports and protocols are answered [7]. A low-interaction honeypot simulates only the main characteristics of the actual operating system. A high-interaction honeypot enables attackers to achieve complete control of the operating system, while a low-interaction honeypot prevents attackers from gaining complete control because its characteristics are restricted [8]. Honeypots of different sizes are merged into a honeynet in the cloud network. The critical limitations of honeynets include restricted scalability, the inability to detect internet attacks, the ability to monitor malicious operations only when interacting with them, difficulty in discovering infected devices, and the fact that systems impacted by honeybots are not monitored. In addition, only the expected infected machines are recorded [9].
The honeywall is the entry and exit point for all network traffic of the honeypot. The honeywall controls and analyzes all the network traffic that enters and leaves the honeynet or honeypot system. The gathered network traffic supports the honeywall's analysis. The C&C server IP address, port, authentication password, and the name of the botnet channel being joined are determined through the honeywall's information capture capacity [10].
Passive analysis monitors the botnet-created traffic without corrupting or changing the messages. It primarily analyzes the secondary effects of botnet traffic. The advantage of the passive method of analysis is that the detection activity cannot be perceived by the botmasters. Passive analysis techniques are very difficult to deploy in the cloud setting [11]. Thus, to overcome all the above-mentioned issues, we propose a robust network traffic analyzer to efficiently analyze and identify the botmaster who drives the botnet attack in the cloud network.
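The honeywall capture described above can be illustrated with a short added example (not code from the paper): it pulls the C&C server IP, port, authentication password and channel name out of outbound traffic logged from an infected honeypot. It assumes an IRC-based C&C channel seen in plaintext; the record layout, the function name `extract_irc_cnc` and every sample value are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: outbound payload lines a honeywall might log from an
# infected honeypot, as (src_ip, dst_ip, dst_port, payload). Addresses are
# documentation ranges (RFC 5737); every value here is invented.
CAPTURE = [
    ("10.0.0.5", "203.0.113.7", 6667, "PASS s3cr3t-pass\r\n"),
    ("10.0.0.5", "203.0.113.7", 6667, "NICK bot-48213\r\n"),
    ("10.0.0.5", "203.0.113.7", 6667, "USER x 0 * :x\r\n"),
    ("10.0.0.5", "203.0.113.7", 6667, "JOIN #cmd-room chankey\r\n"),
    ("10.0.0.5", "198.51.100.20", 80, "GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.5", "203.0.113.7", 6667, "PONG :irc.example\r\n"),
    ("10.0.0.5", "203.0.113.7", 6667, "join #backup,#cmd-room\r\n"),
]


def extract_irc_cnc(capture):
    """Group IRC registration commands by destination and return C&C details."""
    servers = defaultdict(lambda: {"password": None, "nicks": set(),
                                   "channels": set(), "channel_keys": {}})
    for _src, dst_ip, dst_port, payload in capture:
        parts = payload.strip().split()
        if not parts:
            continue
        # IRC commands are case-insensitive, so normalise before matching.
        command, args = parts[0].upper(), parts[1:]
        if command not in ("PASS", "NICK", "JOIN") or not args:
            continue  # ignore HTTP requests, PONG keep-alives, etc.
        entry = servers[(dst_ip, dst_port)]
        if command == "PASS":
            entry["password"] = args[0].lstrip(":")
        elif command == "NICK":
            entry["nicks"].add(args[0].lstrip(":"))
        else:  # JOIN <chan>{,<chan>} [<key>{,<key>}]
            channels = args[0].split(",")
            keys = args[1].split(",") if len(args) > 1 else []
            for i, chan in enumerate(channels):
                entry["channels"].add(chan)
                if i < len(keys):
                    entry["channel_keys"][chan] = keys[i]
    # Only destinations that received a JOIN are reported as likely C&C.
    return {k: v for k, v in servers.items() if v["channels"]}


if __name__ == "__main__":
    for (ip, port), info in extract_irc_cnc(CAPTURE).items():
        print(ip, port, info)
```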
The remainder of the paper is organized as follows: Section 2 describes papers dealing with security and attacks in the cloud environment; our contribution, i.e., the proposed work, is described in Section 3; Section 4 presents the results and output of the proposed work; finally, the overall work is concluded in Section 5.