Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal Journal of Information Systems and Informatics
Kaare, Nyamwaga M
Unknown Affiliation
Computer Science & IT

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search
Journal : Journal of Information Systems and Informatics

 1 
Towards Self-Defending SDN Infrastructures: Real-Time Honeypot-Enabled Botnet Detection Using ONOS Kaare, Nyamwaga M; Sam, Anael Elikana
Journal of Information System and Informatics Vol 8 No 1 (2026): February
Publisher : Asosiasi Doktor Sistem Informasi Indonesia

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.63158/journalisi.v8i1.1375

Abstract

Modern Software-Defined Networks (SDNs), while benefiting from centralized programmability, remain vulnerable to fast-evolving botnet attacks. This paper presents and evaluates a lightweight ONOS-based honeypot and decoy framework designed to detect and automatically block multi-vector botnet behaviors in real time. The system integrates honeypot-exposed Telnet, SMB, and DNS services with threshold-, entropy-, signature-, and correlation-based inspection within a tree topology (depth = 2, fanout = 4) consisting of five OpenFlow switches and 50 hosts. Quantitatively, the system achieved 100% detection of all signature-based attacks (55/55), 100% blocking of distributed UDP scans (50/50), and 0% false positives on benign decoy access. Median detection latency ranged between 1–3 seconds. True positives (TP), false negatives (FN), false positives (FP), and true negatives (TN) were measured using ground-truth attacker lists built into automated test scripts, yielding precision and recall of 1.00 across all malicious scenarios. This work demonstrates that combining deception with SDN-level flow automation enables effective and computationally efficient botnet defense without machine learning. A key limitation is that all evaluations were conducted exclusively in a controlled Mininet simulation, which may not fully represent real-world traffic dynamics. Future work will validate the system on physical SDN deployments and evaluate its robustness under production workloads.
Co-Authors Sam, Anael Elikana