University of Illinois at Urbana-Champaign researchers have developed a method to use a botnet's own technology to defeat it.
The researchers created an inference algorithm, called BotGrep, that collects a set of observations of a communications graph, such as IP address pairs with no port or packet-level information, and generates a list of hosts suspected of being part of the botnet. "Specifically BotGrep works by searching for connections within the communication graph—since these botnet topologies are much more highly structured than background Internet traffic, we can partition by detecting sub-graphs that exhibit different topological patterns from each other or the rest of the graph," the researchers say.
"Based on experimental results, we find that under typical workloads and topologies our techniques localize 93-99 percent of hosts with a false positive probability of less than 0.6 percent," they say.
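The idea of flagging hosts from IP address pairs alone can be shown on a small scale. The sketch below is an added example, not the researchers' code: it uses k-core peeling as a deliberately simple stand-in for BotGrep's partitioning, which the abstract does not detail, and the addresses, the ring overlay and the threshold `k` are all constructed assumptions.

```python
from collections import defaultdict

def build_graph(pairs):
    """Undirected communication graph from (src_ip, dst_ip) pairs only."""
    adj = defaultdict(set)
    for a, b in pairs:
        if a != b:
            adj[a].add(b)
            adj[b].add(a)
    return adj

def dense_core(adj, k):
    """Peel hosts with fewer than k remaining peers; return what is left (k-core)."""
    adj = {h: set(p) for h, p in adj.items()}
    queue = [h for h, p in adj.items() if len(p) < k]
    while queue:
        h = queue.pop()
        if h not in adj:
            continue  # already peeled
        for peer in adj.pop(h):
            if peer in adj:
                adj[peer].discard(h)
                if len(adj[peer]) < k:
                    queue.append(peer)
    return set(adj)

def sample_pairs():
    """Constructed data: client/server background plus a structured overlay."""
    servers = ["198.51.100.%d" % i for i in range(1, 11)]
    clients = ["192.0.2.%d" % i for i in range(1, 31)]
    pairs = []
    # Background traffic: every client talks to two of the ten servers.
    for i, c in enumerate(clients):
        pairs.append((c, servers[i % 10]))
        pairs.append((c, servers[(i + 1) % 10]))
    bots = clients[:8]
    # Overlay: eight clients also peer in a ring with their +1 and +2 successors.
    for i, b in enumerate(bots):
        pairs.append((b, bots[(i + 1) % 8]))
        pairs.append((b, bots[(i + 2) % 8]))
    return pairs, set(bots)

def suspects(pairs, k=4):
    """Hosts whose peer structure survives peeling at threshold k."""
    return dense_core(build_graph(pairs), k)

if __name__ == "__main__":
    pairs, bots = sample_pairs()
    print(sorted(suspects(pairs)))
```

On this constructed graph the ordinary clients and the servers are peeled away because their links are star-shaped, while the eight overlay members keep four peers each and remain.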
From Network World
Abstracts Copyright © 2010 Information Inc., Bethesda, Maryland, USA