Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

BotSifter: A SDN-based Online Bot Detection Framework in Data Centers



An Wang, Zili Zha, Yang Guo, Douglas C. Montgomery, Songqing Chen


Botnets continue to be one of the most severe security threats plaguing the Internet. Recent years have witnessed the emergence of cloud-hosted botnets along with the increasing popularity of cloud platforms, which attracted not only various applications/services, but also botnets. However, even the latest botnet detection mechanisms (e.g., machine learning based) fail to meet the requirement of accurate and expeditious detection in data centers, because they often demand intensive resources to support traffic monitoring and collection, which is hardly practical considering the traffic volume in data centers. Furthermore, they provide little understanding on different phases of the bot activities, which is essential for identifying the malicious intent of bots in their early stages. In this paper, we propose BotSifter,a SDN based scalable, accurate and runtime bot detection framework for data centers. To achieve detection scalability, BotSifter utilizes centralized earning with distributed detection by distributing detection tasks across the network edges in SDN. Furthermore, it employs a variety of novel mechanisms for parallel detection of C&C channels and botnet activities, which greatly enhance the detection robustness. Evaluations demonstrate that BotSifter can achieve highly accurate detection for a large variety of botnet variants with diverse C&C protocols.
Proceedings Title
IEEE CNS 2019 - 2019 IEEE Conference on Communications and Network Security (CNS)
Conference Dates
April 29-May 2, 2019
Conference Location
Washington D.C., DC


Machine Learning (ML), Artificial Intelligence (AI), Bot, Botnet, Cloud
Created June 10, 2019, Updated May 6, 2020