Cybersecurity: Researchers use advanced algorithms to identify six botnets

Published 28 January 2016

Ben-Gurion University of the Negev (BGU) cyber security researchers have discovered and traced approximately six “botnets” by analyzing data collected from past cyberattacks. Botnets are networks of malicious, remotely updatable code that covertly lurk on infected computers.

24 hour relative average of IPv4 addresses observed using ping requests. // Source: commons.wikimedia.com

Using botnets, which until now were largely untraceable, hackers and cyber criminals can carry out powerful attacks, spread viruses, generate spam, and commit other types of online crime.

American Associates, Ben-Gurion University of the Negev (AABGU) reports that the research was conducted at Deutsche Telekom Innovation Labs@BGU and was announced at CyberTech 2016 in Tel Aviv. DT Labs@BGU is a research facility staffed by BGU faculty and student teams that conduct cutting-edge cyber security research.

The team, led by BGU Profs. Bracha Shapira and Lior Rokach, analyzed data captured by a “honeypot” network run by Deutsche Telekom, the worldwide telecommunications company. The team developed and implemented advanced algorithms that identify a botnet by finding similar attack patterns, which can then be traced back to its administrator. The team was able to identify six distinct botnets, each capable of inflicting serious criminal and monetary damage.

Dudu Mimran, chief technology officer of DT Labs@BGU, said, “This is the first time such a comprehensive study has been carried out and returned with unique findings. In addition, we were able to identify whether the attack emanated from a real person or from a robot and predict future attacks.”

In 2014, the FBI revealed that it had disrupted a Russian botnet that targeted personal bank accounts and stole $100 million.

Ben-Gurion University of the Negev is the academic sponsor of CyberTech, Israel’s largest cyber security event, organized by the Israel Defense Forces (IDF).