
New technology detects botnets faster and more accurately than state-of-the-art security software

Slaying the Nemean Lion was the first of Hercules's legendary twelve tasks set forth by King Eurystheus. The lion's hide was so thick that weapons couldn't penetrate it. It is an apt name for a new technology developed to detect botnets, one of the most fearsome beasts of the Internet underworld.

Botnets come in various shapes and sizes, from simple information gatherers, gleaning credit cards and other personal information from user data, to the much-feared brute-force attack, aimed at compromising or incapacitating large networks. The eBay network was recently in the news for being the target of a particularly nasty botnet attack.

Nemean is under development at Nemean Networks, LLC, led by Paul Barford, a computer scientist at the University of Wisconsin, Madison. The technology is based on four patents, filed or being processed at the Wisconsin Alumni Research Foundation.

Nemean's performance is promising, easily besting current state-of-the-art detection software in accurately identifying threats. In a test comparing Nemean to one such state-of-the-art system, Nemean detected 99.9% of malicious signatures while the competitor detected 99.7%. These numbers don't seem staggering until you learn that Nemean generated zero false positives, while the other technology generated 88,000.

Typical network-intrusion systems compare traffic against a stored database, flagging anything suspicious. That database is built from previously detected attack signatures. Nemean, in contrast, automatically generates intrusion signatures, thus making detection faster and more precise.

Though Nemean is an ambitious endeavor, internet security will continue to evolve as more ways to penetrate and control users' systems are discovered. "This is an arms race and we're always one step behind," Barford said. "We have to cover all the vulnerabilities. The bad guys only have to find one."

Nemean's research is supported by the National Science Foundation, the Army Research Office, and the Department of Homeland Security. The technology was developed and tested at the Wisconsin Advanced Internet Laboratory.


By Lemonjellow on 11/9/2007 12:20:34 PM , Rating: 5
And their next project, code named "Skynet" will incorporate AI to predict and detect threats... :- )

By lebe0024 on 11/9/2007 12:53:26 PM , Rating: 3
LOVE the pic!

By FITCamaro on 11/9/2007 12:25:35 PM , Rating: 2
I say that because it sounds exactly like work a friend of mine was doing in college for a professor. And it wasn't at that college.

UW Madison
By jsv35 on 11/9/2007 12:29:14 PM , Rating: 2
Hurray for the home team. Love to hear news of research coming from my hometown U.

By Christopher1 on 11/10/2007 9:15:52 PM , Rating: 1
We really need security software that is better than we have today, and can recognize threats BEFORE they are identified by a central organization.

I have turned on a setting in Internet Security 2007 from Norton that tells you whenever any program or even PART of a program tries to connect to the internet..... it has made my life 10,000 times better and I am much more confident that my system is clean of malware and viruses because of it.

That is something that should be built into all software, where it can analyze and say "Hmm..... this thing is trying to connect to the internet and.... wait a minute, this plugin or dll is not one that I recognize.... maybe I should ask the user if he wants to allow this thing to connect to the internet or remove it!"

By Runiteshark on 11/9/07, Rating: -1
RE: Bots
By Fenixgoon on 11/9/2007 1:36:52 PM , Rating: 5
I'm sure your compsci skills best this professor's by tenfold.

Let us know when you make real contributions to computer security, and maybe you'll have a news article about yourself, too.

RE: Bots
By Runiteshark on 11/9/07, Rating: 0
RE: Bots
By psyph3r on 11/9/2007 3:16:35 PM , Rating: 2
Because we'd see a link right now instead of that statement. Research is research, this is just a step in that direction.

RE: Bots
By KristopherKubicki on 11/9/2007 3:39:03 PM , Rating: 3
There's some pretty interesting research on this, on both sides of the fence. I did some research last semester on using TOR to emulate a botnet -- really fascinating stuff if anyone wants to chat about it.

RE: Bots
By Runiteshark on 11/9/2007 4:05:49 PM , Rating: 2
Heh, I didn't know TOR could emulate a botnet. I've heard of botnets using TOR in addition to using their own IP for spam/DDoS attacks, but never of just plain TOR emulating a botnet.

RE: Bots
By JackBeQuick on 11/9/2007 6:19:31 PM , Rating: 2
Up until a few months ago, you could connect and exit on exit nodes. If you know what you're doing, you still can though you'll have to write your own wrapper. If your botnet code is light enough, you can effectively multiply your bots several hundred times over until you run out of exit nodes.

The problem, of course, is that TOR only has about 10,000 exit nodes at any one time. Combined with latency issues, it's not real effective, but as a proof-of-concept it sure works.

RE: Bots
By Adonlude on 11/13/2007 7:34:28 PM , Rating: 2
I would really like to learn more about how all this stuff works. Any good reading material you can direct me to?
