Spot a bot to stop a botnet

May 01, 2012
Botnet
Image credit: Security Networks

Computer scientists in India have developed a two-pronged algorithm that can detect the presence of a botnet on a computer network and block its malicious activities before it causes too much harm. The team describes details of the system in a forthcoming issue of the International Journal of Wireless and Mobile Computing.

One of the most significant threats faced by networks is from "bots". A bot is simply a program that runs on a computer without the owner's knowledge and carries out any of a number of tasks over the network and the wider internet. It can run the same tasks, such as sending emails or accessing a specific page on the internet, at a much higher rate than would be possible if a person were to carry out the task. A collection of bots in a network, used for malicious purposes, is a and while they are often organized and run by a so-called botmaster there are bots that are available for hire for malicious and criminal activity.

Bots might be illicitly installed on computers in the home, schools, businesses, government buildings and other installations. They are usually carried into a particular computer through a malicious link on the internet, in an email or when a contaminated external storage device, such as a USB drive is attached to a computer that has no malware protection software installed.

Botnets are known to have been used to send mass emails, spam, numbering in the hundreds of millions, if not billions of deliveries. They have also been used in corporate spying, international surveillance and for carrying out attacks known as Distributed (DDoS) attacks, which can decommission whole computer networks by accessing their servers repeatedly and so blocking legitimate users.

Manoj Thakur of the Veermata Jijabai Technological Institute (VJTI), in Mumbai, India, and colleagues have developed a novel approach to detecting and combating bots. Their technique uses a two-pronged strategy involving a standalone and a . The standalone algorithm runs independently on each node of the network and monitors active processes on the node. If it detects suspicious activity, it triggers the network algorithm. The network algorithm then analyzes the information being transferred to and from the hosts on the network to deduce whether or not the activity is due to a bot or a legitimate program on the system.

The standalone algorithm is heuristic in nature, the team says, which means it can spot previously unseen bot activity, whereas the network algorithm relies on network traffic analysis to carry out its detection. The two techniques working together can thus spot activity from known and unknown bots. This approach also has the advantage of reducing the number of false positives.

Explore further: Streaming release of 'Interview' test for industry

More information: Int. J. Wireless and Mobile Computing, 2012, 5, 144-153

Related Stories

Thwarting attacks on cell phone mesh networks

Jan 20, 2011

A Mobile Ad hoc NETwork (MANET) or cell phone mesh network uses software to transparently hook together numerous active cell phones in a location to provide greater bandwidth and better network connections by allowing users ...

Researchers devise new method of detecting botnets

Mar 25, 2011

(PhysOrg.com) -- With the threat of Botnets increasing, researchers in the Department of Electrical and Computer Engineering at Texas A&M University have devised a new method to detect their activity.

Researchers: Botnets Getting Beefier

Apr 17, 2007

Botnets are moving to more resilient architectures and more sophisticated encryption that will make them even harder to track and fight, researchers say at HotBots, a Usenix event.

Microsoft uses law to cripple hacker spam network

Feb 25, 2010

Microsoft on Thursday said it combined technology with an "extraordinary" legal maneuver to cripple a massive network of hacked computers that had been flooding the Internet with spam.

Recommended for you

Streaming release of 'Interview' test for industry

7 hours ago

Sony's "The Interview" has been a hacking target, a punchline and a political lightning rod. Now, with its release online at the same time it debuts in theaters, it has a new role: a test for a new kind of ...

Web outage hardly stirs Internet-free N. Korea: experts

Dec 24, 2014

North Korea's Internet went down this week after an apparent attack but most of its citizens will not have noticed the difference in a country that does its level best to seal off foreign influence, experts say.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

dtxx
not rated yet May 01, 2012
Bot herder, not "Botmaster[sic]."
Morgan Egging
not rated yet May 01, 2012
Excellent article, but I believe it would be best not to include the word "Botmaster". I'm not aware of anyone who has used that title before, but the author uses it almost as a definition in the article.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.