Spot a bot to stop a botnet

May 01, 2012
Botnet
Image credit: Security Networks

Computer scientists in India have developed a two-pronged algorithm that can detect the presence of a botnet on a computer network and block its malicious activities before it causes too much harm. The team describes details of the system in a forthcoming issue of the International Journal of Wireless and Mobile Computing.

One of the most significant threats faced by networks is from "bots". A bot is simply a program that runs on a computer without the owner's knowledge and carries out any of a number of tasks over the network and the wider internet. It can run the same tasks, such as sending emails or accessing a specific page on the internet, at a much higher rate than would be possible if a person were to carry out the task. A collection of bots in a network, used for malicious purposes, is a and while they are often organized and run by a so-called botmaster there are bots that are available for hire for malicious and criminal activity.

Bots might be illicitly installed on computers in the home, schools, businesses, government buildings and other installations. They are usually carried into a particular computer through a malicious link on the internet, in an email or when a contaminated external storage device, such as a USB drive is attached to a computer that has no malware protection software installed.

Botnets are known to have been used to send mass emails, spam, numbering in the hundreds of millions, if not billions of deliveries. They have also been used in corporate spying, international surveillance and for carrying out attacks known as Distributed (DDoS) attacks, which can decommission whole computer networks by accessing their servers repeatedly and so blocking legitimate users.

Manoj Thakur of the Veermata Jijabai Technological Institute (VJTI), in Mumbai, India, and colleagues have developed a novel approach to detecting and combating bots. Their technique uses a two-pronged strategy involving a standalone and a . The standalone algorithm runs independently on each node of the network and monitors active processes on the node. If it detects suspicious activity, it triggers the network algorithm. The network algorithm then analyzes the information being transferred to and from the hosts on the network to deduce whether or not the activity is due to a bot or a legitimate program on the system.

The standalone algorithm is heuristic in nature, the team says, which means it can spot previously unseen bot activity, whereas the network algorithm relies on network traffic analysis to carry out its detection. The two techniques working together can thus spot activity from known and unknown bots. This approach also has the advantage of reducing the number of false positives.

Explore further: T-Mobile deal helps Rhapsody hit 2M paying subs

More information: Int. J. Wireless and Mobile Computing, 2012, 5, 144-153

Related Stories

Thwarting attacks on cell phone mesh networks

Jan 20, 2011

A Mobile Ad hoc NETwork (MANET) or cell phone mesh network uses software to transparently hook together numerous active cell phones in a location to provide greater bandwidth and better network connections by allowing users ...

Researchers devise new method of detecting botnets

Mar 25, 2011

(PhysOrg.com) -- With the threat of Botnets increasing, researchers in the Department of Electrical and Computer Engineering at Texas A&M University have devised a new method to detect their activity.

Researchers: Botnets Getting Beefier

Apr 17, 2007

Botnets are moving to more resilient architectures and more sophisticated encryption that will make them even harder to track and fight, researchers say at HotBots, a Usenix event.

Microsoft uses law to cripple hacker spam network

Feb 25, 2010

Microsoft on Thursday said it combined technology with an "extraordinary" legal maneuver to cripple a massive network of hacked computers that had been flooding the Internet with spam.

Recommended for you

T-Mobile deal helps Rhapsody hit 2M paying subs

16 hours ago

(AP)—Rhapsody International Inc. said Tuesday its partnership with T-Mobile US Inc. has helped boost its number of paying subscribers to more than 2 million, up from 1.7 million in April.

Airbnb woos business travelers

16 hours ago

Airbnb on Monday set out to woo business travelers to its service that lets people turn unused rooms in homes into de facto hotel space.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

dtxx
not rated yet May 01, 2012
Bot herder, not "Botmaster[sic]."
Morgan Egging
not rated yet May 01, 2012
Excellent article, but I believe it would be best not to include the word "Botmaster". I'm not aware of anyone who has used that title before, but the author uses it almost as a definition in the article.