Ben Gurion University researchers have developed a tool capable of predicting future botnet attacks while also distinguishing between human and automated campaigns.

Dudu Mimran, chief technology officer of the university's Deutsche Telekom Innovation Labs, says the team is investigating how the tool may benefit law enforcement.

The full results of the work have not been published but Mimram, who has previously headed research into defeating network air gaps, says the work is based on analysis of a year's worth of honeypot attack data.

"We have not published the full results of the research yet as we are further investigating what can be done with the results in terms of law enforcement," Mimran told El Reg .

"We investigated a historic database of attacks on a network of honeypots … during 2015 and we applied the concept of modelling the attacks, targets, and sources as a social network graph.

"That idea of modelling it that way was not new and has been described in a previous scientific paper, though what we did was to further refine the approach on real data and extend it with other machine learning methods."

The university team revealed the work at the Cybertech 2016 conference in Tel Aviv. They found six as-yet unnamed botnets in its analysis, applying the technique for the first time to real attack data.

Machine learning techniques allow the team's tool to distinguish human attackers from bots, a determination that was manually verified by researchers.

It could also identify "complex interconnections in between seemingly isolated attacks" Mirmran says, making it a "very valuable preventive tool".

The work is still being developed. Researchers are still honing data in lieu of providing information on the attacks to law enforcement.

"Once we have more info on the actual results we will share it." ®