University of California, Riverside computer scientists have developed a tool that cripples botnets by fooling them into exposing their Internet of Things (IoT) command and control (CnC) servers. The CnCHunter tool contacts a suspected Internet server using actual malware and observes how the malware communicates with it; a meaningful exchange between the suspect server and the malware in the botnet's own protocol indicates that the server is a CnC.
They describe their work in "CnCHunter: An MITM Approach to Identify Live CnC Servers."
"We try to detect botnets proactively and by fooling malware twice, first by activating the malware in a safe environment, and then intercepting and redirecting the traffic where we want to trick the botnet to engage with us," says UC Riverside Professor Michalis Faloutsos.
The researchers ran the tool on "selected 100 IoT malware samples collected between 2017 and 2021 and were able to find their CnC servers with a 92% precision," says UC Riverside Ph.D. student Ali Davanian.
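The mechanism described above, a sample activated in a controlled environment whose outbound traffic is redirected to a candidate server and judged on whether a two-way conversation develops, can be sketched with a small local model. The code below is an added illustration, not CnCHunter's own code: the sample is an emulator speaking a constructed toy dialect (the `HELLO` / `HI` / `READY` messages are assumptions, not any real malware protocol), the candidates are localhost threads, and the "DNS" lookup is a redirect table standing in for the tool's man-in-the-middle step. The classification rule is the one the article states: the candidate is called a CnC only when the sample keeps talking after the reply.

```python
import socket
import threading

# Constructed toy dialect standing in for real botnet traffic (assumption, not any
# real malware protocol): the sample greets, expects a reply with a known prefix,
# then acknowledges. The real tool activates actual malware samples instead.
SAMPLE_HELLO = b"HELLO bot-v1\n"
CNC_REPLY_PREFIX = b"HI "
SAMPLE_ACK = b"READY\n"
TIMEOUT = 2.0


def start_candidate(handler):
    """Run a single-connection candidate server on an ephemeral localhost port.

    Returns (port, record); the handler fills record so a caller can inspect what
    the candidate received. Constructed stand-in for a real suspect host."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(TIMEOUT)
    port = srv.getsockname()[1]          # read before the thread can close srv
    record = {"received": []}

    def run():
        try:
            conn, _ = srv.accept()
        except socket.timeout:
            return
        finally:
            srv.close()
        with conn:
            conn.settimeout(TIMEOUT)
            handler(conn, record)

    threading.Thread(target=run, daemon=True).start()
    return port, record


def toy_cnc_handler(conn, record):
    """Candidate that speaks the toy dialect: answers the hello, waits for the ack."""
    data = conn.recv(1024)
    record["received"].append(data)
    if data.startswith(b"HELLO"):
        conn.sendall(b"HI 1\n")
        try:
            record["received"].append(conn.recv(1024))
        except socket.timeout:
            pass


def http_handler(conn, record):
    """Candidate that is an ordinary web server: the hello is not HTTP, so it errors."""
    record["received"].append(conn.recv(1024))
    conn.sendall(b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")


def silent_handler(conn, record):
    """Candidate that accepts the connection but never answers (e.g. a sinkhole)."""
    record["received"].append(conn.recv(1024))


def run_sample(cnc_hostname, redirect_table):
    """Emulated sample. Name resolution is answered from redirect_table: this is the
    MITM step that points the sample's hard-coded CnC name at the candidate under test."""
    result = {"connected": False, "reply": b"", "sample_continued": False}
    addr = redirect_table.get(cnc_hostname)
    if addr is None:
        return result
    try:
        with socket.create_connection(addr, timeout=TIMEOUT) as s:
            result["connected"] = True
            s.sendall(SAMPLE_HELLO)
            try:
                reply = s.recv(1024)
            except socket.timeout:
                reply = b""
            result["reply"] = reply
            # The sample only proceeds if the reply parses as its own protocol.
            if reply.startswith(CNC_REPLY_PREFIX):
                s.sendall(SAMPLE_ACK)
                result["sample_continued"] = True
    except OSError:
        pass
    return result


def classify(result):
    """Meaningful two-way dialogue (the sample kept talking) marks the candidate as CnC."""
    if not result["connected"]:
        return "unreachable"
    return "cnc" if result["sample_continued"] else "not-cnc"


def probe(handler):
    """Redirect the sample's CnC hostname (placeholder name) to one local candidate."""
    port, _record = start_candidate(handler)
    table = {"cnc.example.invalid": ("127.0.0.1", port)}
    result = run_sample("cnc.example.invalid", table)
    result["verdict"] = classify(result)
    return result


if __name__ == "__main__":
    for name, h in [("toy cnc", toy_cnc_handler), ("web server", http_handler),
                    ("silent host", silent_handler)]:
        print(f"{name:12s} -> {probe(h)['verdict']}")
```

The point the model makes visible is that a bare connection or a generic reply is not evidence: the web server and the silent host both accept the sample's connection, but only the candidate that answers in the sample's dialect causes the sample to send its next message, and that second round trip is what the verdict keys on.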
From University of California, Riverside
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA