Next Article in Journal
A Coaxial and Coplanar Wireless Slipring for Multi-Axis Robot Manipulators
Previous Article in Journal
Deep Learning Algorithm to Predict Cryptocurrency Fluctuation Prices: Increasing Investment Awareness
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Exposure of Botnets in Cloud Environment by Expending Trust Model with CANFES Classification Approach

by
Nagendra Prabhu Selvaraj
1,
Sivakumar Paulraj
2,
Parthasarathy Ramadass
3,
Rajesh Kaluri
4,*,
Mohammad Shorfuzzaman
5,
Abdulmajeed Alsufyani
5 and
Mueen Uddin
6
1
Department of Computational Intelligence, School of Computing, SRM Institute of Science and Technology, Kattankulathur, Chennai 603203, India
2
School of Computer Science and Engineering, Vellore Institute of Technology, Chennai 600127, India
3
Department of Computer Science and Engineering, Vel Tech Rangarjan Dr. Sagunthala R&D Institute of Science and Technology, Avadi 600062, India
4
School of Information Technology and Engineering, Vellore Institute of Technology, Vellore 632014, India
5
Department of Computer Science, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia
6
College of Computing and IT, University of Doha for Science and Technology, Doha 2713, Qatar
*
Author to whom correspondence should be addressed.
Electronics 2022, 11(15), 2350; https://doi.org/10.3390/electronics11152350
Submission received: 22 May 2022 / Revised: 3 July 2022 / Accepted: 13 July 2022 / Published: 28 July 2022
(This article belongs to the Section Computer Science & Engineering)

Abstract

:
Many cloud service providers offer access to versatile, dependable processing assets following a compensation as-you-go display. Investigation into the security of the cloud focusses basically on shielding genuine clients of cloud administrations from assaults by outer, vindictive clients. Little consideration is given to restrict malicious clients from utilizing the cloud to dispatch assaults, for example, those as of now done by botnets. These assaults incorporate propelling a DDoS attack, sending spam and executing click extortion. Bots’ detection in the cloud environment is a complex process. The purpose of this study was to create a multi-layered architecture that could detect a variety of existing and emerging botnets. The goal is to be able to detect a larger range of bots and botnets by relying on several techniques called trust model. On this work, the port access verification in trust model is achieved by a Heuristic factorizing algorithm which verifies the port accessibility between client-end-user and client server. Further, back-off features are extracted from the particular node and all these structures are trained and categorized with a Co-Active Neuro Fuzzy Expert System (CANFES) classifier. The performance of the proposed bot detection system in the internet environment is analyzed latency, detection rate, packet delivery ration, energy availability and precision.

1. Introduction

Botnets remain one of the most serious cyber security threats. This study aims to detect botnet traffic in an abstracted virtualized architecture, such as that employed by cloud service providers. Cloud computing offers enormous advantages such as cost reduction, dynamic virtualized resources, significant data storage and enhanced productivity [1]. At the same time, numerous risks occur regarding security and intrusions, for example, botnet can intercept cloud computing services, impair service, application or virtual in the cloud formation. Botnet attacks are now more complex [2] and resourceful making intruders more difficult to detect than previously. The motivation of this research is founded on ramifications presented by the botnets. This research work presents different intrusion detection systems affecting cloud resources and service. This work proposes trust model to distinguish the botnets in cloud atmosphere. The security of the network is quite complicated when the size of the network grows rapidly. The structure of the botnet system consists of a number of bots, botmaster and node or personal computer. The bot master installed the botnet malware programs on a personal computer and it becomes a bot or zombie [3]. It means that its functions are controlled by a remote bot master. Figure 1. shows the life cycle of the botnet in internet environment. The bots are infected nodes or computers which are indirectly controlled by botmaster.
The cloud computing has more security issues [4], it is a way to use the Internet in the daily life of a single machine or single room, using all the tools installed on computers. It is also the ability to use shared computing resources with local servers handling applications. Cloud computing users do not worry about the location and the storage of their data. Figure 2 shows the zombie attack pattern that moves to virtual instances in the cloud environment. The generated detectors are given a learning technique to build malicious code patterns inside the virtualized environment. If an unusual malicious activity pattern is detected it will be filtered, then reported as non-self. The c represents malicious code movement at the nodes pattern in botnet spread.
Section 2 describes the various conventional botnet detection methodologies and Section 3 recommends an innovative methodology for botnet recognition system. Section 4 illustrates the investigational results and its discussion with conventional methods and finally, Section 5 concludes this paper.

2. Related Work

Conventional botnet detection techniques are categorized into two main groups given as Honey nets Based Detection Technique and Intrusion Detection System. Various research deals with the cyber-security to detect botnet attacks and in the prevention of cloud servers. Various botnet detection research has been carried out, and attackers have created their own strategies in emerging bots and botnet attacks. So, more study is needed to increase data security in internet-based usage. Botnet detection is the most important task to improve the cyber-security against various cyber-attacks occurs in internet nowadays. According to the previous research, botnet detection techniques can be classified into two categories honeynets detection view and intrusion detection view. The intrusion detection system is further divided into sub-categories into signature based and anomaly based and is described below.

2.1. Honeynets & Honeypots Based Detection System

The term honeynets and honeypots [5] denote the end-user devices. A honeynet is a decoy network that contains one or more honeypots. This end user PC’s lay way to collect critical information about the cyber-attacks and threats. The end user PC is very easy for botmaster to attack and compromise, because it’s very vulnerable to malicious attacks. The cyber-security group will be able to make good detection practices under the collected data about the botnet attacks through these honey nets. According to the previous research the botnet change their signature from time-to-time because of the safety purpose and honey nets are important for understanding these botnet properties. In the honey net’s detection technique, honey wall is very important, which is used for monitoring, collecting, modifying and controlling communication over the honey pots.

2.2. Intrusion Detection System (IDS)

An intrusion detection system was using for monitoring the traffic flow for the malicious activities of a network. During the traffic monitoring, if any malicious attack was detected, it directly informed the administrator of the system about the attack. IDSs have the capability to take action against such malicious activities and to block the traffic coming from the virus infected system. There were two types of intrusion detection systems, one was signature based and the other was anomaly based.

2.2.1. Signature Based Detection

A prominent security mechanism is communication signature detection, which detects bot activity based on predetermined patterns and signatures acquired from well-known bots [6]. The foremost advantage of this detection technique was that signatures in this method were so simple to develop and realize. The Botmaster changes the signatures of every attack gradually to make a botnet attack more secure from the bot infected machines [6,7].

2.2.2. Anomaly Based Detection

This technique focuses on the idea of criterion for network performance. The anomaly-based botnet detection technique can accept only that network activities or traffic which was specified by the administrators. In this technique, the rule should be defined in advance for each protocol, and each should be tested for accuracy. It detects those events which were not related to the feed or accepted model of performance. The anomaly-based detection technique has also some disadvantages, mainly the complexity of rules such that for different protocols, different rules are defined. The anomaly-based technique also has some limitations about the time and monitoring the bot infected the machines [8,9]. This technique can be further categorized into network and host-based detection techniques.
BotHunter, a method for botnet detection, which entails correlating alarms from different network intrusion detection system (NIDS) elements which reside at the egress boundary and BotMiner a botnet detection method which clusters: communications traffic (C-Plane), which identifies which hosts are talking to which other hosts, and activity traffic [9].
Stinson & Mitchell [10] proposed a technique called botSwat that characterized the remote behavior of bots via the identification of selected system call arguments containing data received over the network. The Garlic architecture, which was a distributed botnet suppression system which suppresses the botnets in clouds, was proposed by Han [11]. Based on an overlay network, the Collaborative Network Security System is designed Han [12,13] which automatically collected in a dispersed mode, the security center collects network traffic from each collaborating UTM (Unified threat management) and then processes it. Domain name Generation Algorithm [14] for the detection and mitigation of Zeus and Conficker botnets in a wide range of collaborative network. The authors extracted various traffic features from each node in the network and these traffic features were given to the classifier. The authors applied different machine learning algorithms on the detection process of botnets and the methodology achieved 98.5% of the average detection accuracy and a 1.2% false-positive rate. The Intrusion Detection System [15,16] was proposed for botnet classifications. The proposed system in this paper monitored the network traffic against vulnerabilities with respect to various attacks. The authors used deep neural networks for botnet detection and classifications and also the authors achieved 99% overall botnet detection accuracy for their system.
The following points are experimental from the conventional approaches:
  • Most of the conventional methods consume high latency to detect bots in cloud environment.
  • Low detection rate for bots’ detection when the number of bots increases.
This paper proposes trust model with CANFES classifier-based bots detection methodology in cloud environment in order to eliminate the limitations of the conventional bot detection systems.

3. Proposed Method

Botnets are important threats in cloud computing environment and its detection procedure is having high complexity due to the tractability in cloud area. In this paper, a trust model is developed to detect bots in cloud environment. Generally, cloud computing environment constitutes of client server, cloud server and interfacing medium. The client server has lot of client-end-users which is responsible for forming queue between multiple client-end-users based on their request. Cloud server is located in cloud environment which receives the requests from client server and grants their requests based on their trust ability. It also constitutes for a lot of cloud service providers, which provides uninterrupted service to the client-end-users to access cloud environment. Interfacing medium is the interfacing task between client server and cloud server. There may be ahigh possibility for bot attacks in client-end-user and client server. This paper provides the methodology to detect the bots in client servers, so that, the performance of the cloud environment would not be affected.
The client-end-user, who wishes to access the cloud, generates a service-request to client server. The client server receives the client’s service-request and checks the availability of channels in interfacing medium. This paper proposes a trust model in client server and cloud server which uses soft computing approach to detect the presence of bots as client-end-user.
Figure 3 demonstrate the architectural illustration of the proposed botnet recognition system using CANFES classifier. The trust model has three components:
  • Port Access Verification
  • Back-off trust features
  • Classifications

3.1. Heuristic Factorizing Algorithm

The port access verification in trust model is achieved by Heuristic factorizing algorithm which verifies the port accessibility between client-end-user and client server. The procedure for the Heuristic factorizing procedure is defined in the following section as:
Step 1: Determine the Heuristic Index (HI) of the port which generates service-request to the client server. The heuristic index is computed using individual weight of the ports for each client-end-user. It is given as:
H I 1 = i = 1 N w i × ( 1 d i n i )
where wi is the weight of the individual port for each individual client-end-user and dini is the number of service request bits in an individual packet i.
The weight of the individual port for the individual client-end-user is computed based on the following equation as:
w i = α + 1 R 2 1
where α is the quantity of packets acknowledged correctly at an individual port and R is the quantity of packets wrongly received at an individual port in client-end-server architecture.
Step 2: Determine the rational factor (ri) of the individual port in firewall as:
r i = i = 1 N E i × ( S A ) p a c k e t i + ( D A ) p a c k e t i N
where Ei is the energy of the individual port; SA: Source Address; DA: Destination; Address; N: Total number of individual ports and it depends on type of client-end-user.
The rational factor determines the originality of the source and destination address, and it is correlated to the number of ports in firewall system. In this paper, the length or size of the source and destination address is 10 bits long and the data length is 16 bits long. The concert of the projected firewall system is high when the value of rational factor is high, and the concert of the projected firewall system is low when the value of rational factor is low.
Step 3: Determine the connectivity factor of the individual port using the following equation as:
C i = E i r i × ( E i 1 ) × ( r i 1 ) N ;   i = 1   t o   N
The connectivity factor of the port in client-end-server decides the behavior of the incoming requests from various source ports in various cloud environments. The value of connectivity factor must lie between 0 and 100. If the computed connectivity factor is not in the range, then the client-end-server system performance is low and there may be number of malicious requests.
Step 4: Find the similarity difference index of the individual port as stated in below equation as:
D i = E i + r i ( C i 1 ) × N
The similarity index shows the resemblance of the received requests in different individual port at client-end-server system with respect to the energy index and rational factor. Low similarity index illustrates the impact of bots in the individual port and high similarity index illustrates the originality of the requests received from various domain networks.
Step 5: Find the minimum of similarity difference index as:
M = Min (D1, D2, D3, D4)
If M is Di, then the request received from port i of the client-end-server is affected by bot.

3.2. Back-Off Trust Features

The collective probability of the packet delivery rate for the distinct peer in P2P network is:
φ = i = 1 N φ i
where φ i is the possibility of packet delivery rate.
The heuristic bandwidth of the centralized peer in P2P network is:
B c = N × R
where R is the streaming rate of the centralized peer and N is the over-all number of peers adjacent to the centralized peer.
The heuristic bandwidth of the individual peer in P2P network is:
B i = φ × N × U
where U is the exponential distribution rate and its well-defined as:
U = λ λ + γ
where the arrival rate is characterized as λ and delivery rate is characterized as   γ .
The trust feature of the individual peer is constructed on the heuristic bandwidth of the centralized and individual peer in P2P network and it is calculated as:
T f = B c B i

3.3. Classification

In this paper, Co-Active Neuro Fuzzy Expert System (CANFES) is used as classifier to classify the input service request from client-end-user. The internal architecture of CANFES classifier is given in the following Figure 4.
This CANFES classification architecture [17] consists of a single input layer, 3 hidden layers and single output layer. The input layer keeps the number of extracted features and passes this information to the next level hidden layer, which can be constructed by 15 neurons. The weight level of each neuron in each hidden layer is adaptive and its value is changed in accordance with the input extracted features. The neuron in output layer produces the output pattern by summing up all the index values which are obtained from the previous hidden layer. CANFES architecture can be operated in two modes as training the input features of the client-end-user requests and produces trained patterns. The similar CANFES architecture is now getting input features from real time client end user requests. These feature sets are classified against with trained patterns thus, produces classified responses either trusty or non-trusty requests. This CANFES architecture have inbuilt fuzzy rules as unsupervised form. This architecture has three internal layers whereas the first layer is the input layer which receives input features from the client end user and the second layer is a hidden layer. Third layer is the output layer which is responsible for producing an output. Each layer has number of neurons which are trained by weight factor. In this paper, 2 neurons are set in the input layer which directly receives the features in both training and classification mode. The hidden layer has 10 neurons after several levels of training to get an optimum response. The output layer has been operated with a single neuron, which produces an output as either low or high. Low values indicate that the request from the client-end-user is fake and high values indicate that the request from client-end-user is trusty. In Figure 4, weights of the fuzzy membership functions are represented by w1 and w2, the fuzzy rules are represented by A1, A2, B1 and B2. In this paper, the triangular membership function is used as a membership function.

4. Result Discussion on Performance Analysis

The suggested bots detection system’s performance in a cloud environment is evaluated using the cloudsim simulator [18] in terms of latency and malicious packet detection rate as a function of network node or computer count. Table 1 shows the simulation tool’s starting configuration. The maximum number of packets per client-end-user employed in this work is 1500, and each node or computer transfers packets at a rate of 100 kb/s with a 100 mJ per cycle energy consumption.

4.1. Latency

It defines the time taken by the designed bot detection system architecture to identify the suspicious requests which are passing through the client-server unit. It is measured in milliseconds. The latency is computed using the following formula:
Latency = time request received in serverrequest generated in client
For a better network environment, latency should be low. Table 2 defines the latency of the projected bot detection architecture for dissimilar number of client-end-users. The latency will be amplified when the number of bots surges. The latency of the projected system is 2.17 ms when there are 10 numbers of bots in the system. The latency of the proposed system is 14.74 ms when there are 100 numbers of bots in the system.
Figure 5 shows the graphical illustration of the latency analysis for the proposed system architecture using Similarity Index Algorithm.

4.2. Malicious Packet Detection Rate

It specifies the pace at which the proposed bot detection system detects malicious requests. It is the proportion of harmful requests detected by the proposed system to the total number of malicious requests in the cloud. It is given in the following equation as:
PDR = nMalicious nSentPackets   100 %
where nMalicious = Number of malicious requests detected; nSentPackets = Number of sent packets.
It is expressed as a percentage. For a better cloud environment, the detection rate should be high as explained in Table 3. The detection rate of the suggested system design for varied numbers of bots is shown in Table 3. As the number of bots grows, the detection rate will decrease. When there are ten bots in the suggested system, the detection rate of the proposed system is 98 percent. When there are 100 people, the proposed system has a detection rate of 87 percent, 100 bots in the proposed system are depicted in Figure 5.
Figure 6 shows the graphical illustration of the malicious packets detection rate analysis for the proposed system architecture using Similarity Index Algorithm.
Table 4 compares the proposed bot detection system to existing approaches such as Subramaniam et al. (2016) [12], Omar Y et al. (2016) [15], and Dilara et al. (2019) [11]. The proposed firewall system has a latency of 14.74 milliseconds and an 87 percent detection rate, whereas conventional methodologies such as Subramaniam et al. (2016) [12] had a latency of 17.54 milliseconds and an 81 percent detection rate, Omar Y et al. (2016) [15] had a latency of 18.95 milliseconds and an 85 percent detection rate, and Dilara et al. (2019) [11] had a latency of 19.38 milliseconds.

4.3. Packet Delivery Ratio (PDR)

The number of packets correctly received in each node of the system is defined as PDR. It is the ratio between number of packets correctly received and the total number of packets sent and it is measured in terms of percentage. It is given in the following equation as:
PDR = nReceivedPackets nSentPackets   100 %
where nReceivedPackets = Number of received packets; nSentPackets = Number of sent packets.
The performance of the suggested bot net detection system is assessed in terms of PDR for different bots 10, 20, 30, 40, 50, and 60 in this proposed work. Table 5 shows performance comparisons of the proposed botnet detection method with standard solutions.
Figure 7 shows the graphical comparisons of the PDR for the proposed botnet detection system with respect to conventional systems as Subramaniam et al. (2016) [12], Omar Y et al. (2016) [15] and Dilara et al. (2019) [11]. It is very clear from the figure; the proposed botnet detection and classification system achieves high PDR when compared with other conventional bots detection system.

4.4. Energy Availability

During the bot identification process, each node in the cloud system consumes a specific amount of energy. When the number of bots in the system grows, the amount of energy available decreases. Each node’s starting energy is set to 1500 J. Comparisons of energy availability for bots 10, 20, 30, 40, 50, and 60 are shown in Table 6.
Figure 8 shows the graphical comparisons of the energy availability for the proposed botnet detection system with respect to conventional systems as Subramaniam et al. (2016) [12] and Omar Y et al. (2016) [15]. It is very clear from Figure 7, the proposed botnet detection and classification system achieves high energy availability when compared with other conventional bot detection systems.

4.5. Precision

It is defined as the ratio of the number of packets recovered that are relevant to the number of packets that are irrelevant. It is expressed as a percentage. When the degree of precision is high, the proposed system performs well. As shown in Table 7, the proposed system performs poorly when the precision value is low.
Figure 9 shows the graphical comparisons of the precision for the proposed botnet detection system with respect to conventional systems as Subramaniam et al. (2016) [12] and Omar Y et al. (2016) [15]. It is very clear from Figure 8, the proposed botnet detection and classification system achieves high precision when compared with other conventional bots detection system.

5. Conclusions

In this proposed work, bots affected client-end-server in cloud environment is identified using CANFES classification approach. This proposed approach consists of port access verification, feature extraction and classification modules. The back-off features are extracted from each client-end-user request. The CANFES classifier is used to train and classify all of these retrieved features. By comparing the performance of the proposed Trust Model with CANFES Classification Approach with the existing the conventional methodologies as Subramaniam et al. (2016) [12], Omar Y et al. (2016) [15], Dilara Z et al. (2019) [11], the dominance of the proposed construction is validated. The comparison results prove that the suggested architecture provides optimal Latency, Malicious Packet Detection Rate, Packet Delivery Ratio (PDR), Energy Availability and Precision.
The future scope of this research work can be pointed out as following.
  • The efficiency of the proposed bot detection methodology in the cloud environment will be improved by detecting and mitigating dead and selfish nodes.
  • The security of the botnet detection system will be improved by implementing various cryptographic techniques at both client and server end.
  • The bots and bot master detected ratio will be increased by implementing optimization techniques such as Genetic Algorithm (GA) and Particle Swarm Optimization (PSO) technique. These optimization techniques select the optimum feature set from the set of extracted features which increases the detection ratio of the bots and bot master in cloud environment.

Author Contributions

Conceptualization, A.A. and N.P.S.; Data curation, M.S. and M.U.; Formal analysis, P.R.; Investigation, R.K. and N.P.S.; Methodology, A.A., S.P. and N.P.S.; Project administration, P.R., R.K. and M.U.; Resources, P.R., N.P.S., S.P. and M.S.; Supervision, R.K., S.P. and N.P.S.; Validation, A.A. and M.U.; Visualization, M.U.; Writing—review & editing, M.S. and N.P.S. All authors have read and agreed to the published version of the manuscript.

Funding

We deeply acknowledge Taif University for Supporting this study through Taif University Researchers Supporting Project number (TURSP-2020/115), Taif University, Taif, Saudi Arabia.

Acknowledgments

The authors like to express their gratitude to their friends and colleagues for their unwavering support and assistance throughout the study and in obtaining the results.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Feily, M.; Alireza, S.; Sureswaran, R. A Survey of Botnet and Botnet Detection. In Proceedings of the Third International Conference on Emerging Security Information, Systems and Technologies, Athens, Glyfada, 18–23 June 2009. [Google Scholar] [CrossRef]
  2. Sgbau, A. A Review-Botnet Detection and Suppression in Clouds. J. Inf. Eng. Appl. 2013, 3, 1686–1691. [Google Scholar]
  3. Iftikhar, U.; Asrar, K.; Waqas, M.; Abbas, S. BOTNETs: A Network Security Issue. Int. J. Adv. Comput. Sci. Appl. 2020, 11, 432–436. [Google Scholar] [CrossRef]
  4. Jiang, Y.; Huang, J.; Ding, J.; Liu, Y. Method of fault detection in cloud computing systems. Int. J. Grid Distrib. Comput. 2014, 7, 205–212. [Google Scholar] [CrossRef]
  5. Nagendra Prabhu, S.; Shanthi, D. Examining zeus botnet by adopting key extraction and malicious traffic detection framework using DNS. Int. J. Appl. Eng. Res. 2015, 10, 6987–7007. [Google Scholar]
  6. Tan, K.M.C.; Killourhy, K.S.; Maxion, R.A. Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits. In Recent Advances in Intrusion Detection; RAID 2002. Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2000; Volume 2516, pp. 54–73. [Google Scholar]
  7. Liu, C.P.; Lin, I. A Survey of Botnet Architecture and Botnet Detection Techniques. Int. J. Netw. Secur. 2014, 16, 81–89. [Google Scholar]
  8. Alshamkhany, M.; Alshamkhany, W.; Mansour, M.; Khan, M.; Dhou, S.; Aloul, F. Botnet Attack Detection Using Machine Learning. In Proceedings of the 14th IEEE International Conference on Innovations in Information Technology (IIT), Al Ain, United Arab Emirates, 17–18 November 2020. [Google Scholar] [CrossRef]
  9. Elhoseny, M.; Thilakarathne, N.N.; Alghamdi, M.I.; Mahendran, R.K.; Gardezi, A.A.; Weerasinghe, H.; Welhenge, A. Security and Privacy Issues in Medical Internet of Things: Overview, Countermeasures, Challenges and Future Directions. Sustainability 2021, 13, 11645. [Google Scholar] [CrossRef]
  10. Han, Z.; Chen, H.; Liang, Y. A distributed botnets suppression system. In Proceedings of the IEEE ICDCS workshop on the First International Workshop on Network Forensics, Security and Privacy (NFSP), Macau, China, 18–21 June 2012; pp. 634–639. [Google Scholar]
  11. Dilara, A.; Muttukrishnan, R.; Nikos, K.; Zarpelão, B. Modelling the Spread of Botnet Malware in IoT-Based Wireless Sensor Networks. Hindawi Secur. Commun. Netw. 2019, 2019, 3745619. [Google Scholar] [CrossRef]
  12. Subramaniam, T.K.; Deepa, B. A Multi-Level Security for Preventing Attacks in Cloud Enviroments. Int. J. Mach. Learn. Appl. 2016, 3, 19–31. [Google Scholar]
  13. Mahendran, R.K.; Velusamy, P. A secure fuzzy extractor based biometric key authentication scheme for Body Sensor Network in internet of medical things. Comput. Commun. 2020, 153, 545–552. [Google Scholar] [CrossRef]
  14. Truong, D.T.; Cheng, G.; Jakalan, A.; Guo, X.J.; Zhou, A.P. Detecting DGA-Based Botnet with DNS Traffic Analysis in Monitored Network. J. Internet Technol. 2016, 17, 217–230. [Google Scholar]
  15. Al-Jarrah, O.Y.; Alhussein, O.; Yoo, P.D.; Muhaidat, S.; Taha, K.; Kim, K. Data Randomization and Cluster-Based Partitioning for Botnet Intrusion Detection. IEEE Trans. Cybern. 2016, 46, 1796–1806. [Google Scholar] [CrossRef] [PubMed]
  16. Nagendra, S.; Shanthi, D.; Chandrasekar, V.; Shanthi, S. Recognition of botnet by examining link failures in cloud network by exhausting canfes classifier approach. Adv. Intell. Syst. Comput. 2021, 1171, 179–189. [Google Scholar]
  17. Saravanan, S.; Thirumurugan, P. Performance Analysis of Glioma Brain Tumor Segmentation using Ridgelet Transform and CANFES Methodology. J. Med. Imaging Health Inform. 2020, 10, 2642–2648. [Google Scholar] [CrossRef]
  18. Calheiros, R.N.; Ranjan, R.; De Rose, C.A.; Buyya, R. CloudSim: A Novel Framework for Modeling and Simulation of Cloud Computing Infrastructures and Services. Grid Computing and Distributed Systems Laboratory; The University of Melbourne: Parkville, Australia, 2009. [Google Scholar]
Figure 1. Botnet lifecycle.
Figure 1. Botnet lifecycle.
Electronics 11 02350 g001
Figure 2. Flow Process of the cloud computing system.
Figure 2. Flow Process of the cloud computing system.
Electronics 11 02350 g002
Figure 3. Architectural Diagram of the Proposed Method.
Figure 3. Architectural Diagram of the Proposed Method.
Electronics 11 02350 g003
Figure 4. Architecture of CANFES.
Figure 4. Architecture of CANFES.
Electronics 11 02350 g004
Figure 5. Graphical illustration of latency analysis.
Figure 5. Graphical illustration of latency analysis.
Electronics 11 02350 g005
Figure 6. Graphical illustration of malicious packets detection rate analysis.
Figure 6. Graphical illustration of malicious packets detection rate analysis.
Electronics 11 02350 g006
Figure 7. Graphical comparisons of PDR.
Figure 7. Graphical comparisons of PDR.
Electronics 11 02350 g007
Figure 8. Comparisons of Energy availability.
Figure 8. Comparisons of Energy availability.
Electronics 11 02350 g008
Figure 9. Comparisons of Precision.
Figure 9. Comparisons of Precision.
Electronics 11 02350 g009
Table 1. Initial Network parameters system.
Table 1. Initial Network parameters system.
ConstraintsPreliminary Value
Determined packets1500
Throughput100 kb/s
Energy consumption100 mJ per cycle
Total no. LANs2
No. of computers in Each LAN25
Total no. WAN s2
No. of computers in Each LAN30
Table 2. Initial Network parameters system.
Table 2. Initial Network parameters system.
No. of BotsLatency (ms)
102.17
203.92
304.18
407.39
508.72
609.01
709.47
8010.76
9012.84
10014.74
Table 3. Analysis of malicious packet detection rate.
Table 3. Analysis of malicious packet detection rate.
No. of BotsDetection Rate (%)
1098
2097
3096
4095
5094
6093
7092
8091
9089
10087
Table 4. Analysis of malicious packet detection rate.
Table 4. Analysis of malicious packet detection rate.
OrganizationsLatency (ms)Detection Rate (%)
Proposed methodology14.7487
Subramaniam et al. (2016) [12]17.5481
Omar Y et al. (2016) [15]18.9585
Dilara et al. (2019) [11]19.3880
Table 5. Comparisons of PDR using CANFES training.
Table 5. Comparisons of PDR using CANFES training.
Number of BotsPDR (%)
Proposed MethodSubramaniam et al. (2016) [12]Omar Y et al. (2016) [15]Dilara et al. (2019) [11]
1099.196.295.192.5
2098.795.194.691.6
3097.692.193.287.6
4096.587.691.785.3
5094.785.486.982.7
6093.184.285.479.9
Average96.690.191.186.6
Table 6. Comparisons of Energy utilization.
Table 6. Comparisons of Energy utilization.
Bots Affected NodesEnergy Availability (mJ)
Proposed MethodSubramaniam et al. (2016) [12]Omar Y et al. (2016) [15]
10145613821328
20139812981201
30129111961097
401109998953
50986956876
60964921810
Average1200.61125.11044.1
Table 7. Comparisons of Precision.
Table 7. Comparisons of Precision.
Bots Affected NodesPrecision (%)
Proposed MethodSubramaniam et al. (2016) [12]Omar Y et al. (2016) [15]
10989697
20959492
30919089
40898786
50878684
60858281
Average90.889.188.1
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Selvaraj, N.P.; Paulraj, S.; Ramadass, P.; Kaluri, R.; Shorfuzzaman, M.; Alsufyani, A.; Uddin, M. Exposure of Botnets in Cloud Environment by Expending Trust Model with CANFES Classification Approach. Electronics 2022, 11, 2350. https://doi.org/10.3390/electronics11152350

AMA Style

Selvaraj NP, Paulraj S, Ramadass P, Kaluri R, Shorfuzzaman M, Alsufyani A, Uddin M. Exposure of Botnets in Cloud Environment by Expending Trust Model with CANFES Classification Approach. Electronics. 2022; 11(15):2350. https://doi.org/10.3390/electronics11152350

Chicago/Turabian Style

Selvaraj, Nagendra Prabhu, Sivakumar Paulraj, Parthasarathy Ramadass, Rajesh Kaluri, Mohammad Shorfuzzaman, Abdulmajeed Alsufyani, and Mueen Uddin. 2022. "Exposure of Botnets in Cloud Environment by Expending Trust Model with CANFES Classification Approach" Electronics 11, no. 15: 2350. https://doi.org/10.3390/electronics11152350

APA Style

Selvaraj, N. P., Paulraj, S., Ramadass, P., Kaluri, R., Shorfuzzaman, M., Alsufyani, A., & Uddin, M. (2022). Exposure of Botnets in Cloud Environment by Expending Trust Model with CANFES Classification Approach. Electronics, 11(15), 2350. https://doi.org/10.3390/electronics11152350

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop