Honeypots Discover Multiple Botnets

Wednesday, January 27, 2016 @ 03:01 PM gHale

By analyzing honeypots with new algorithms, researchers were able to trace and detect origins of six different botnets.

Ben-Gurion University of the Negev cyber security researchers have discovered and traced six botnets by analyzing data collected from past cyber attacks. The research was conducted at Deutsche Telekom Innovation Labs@BGU and unveiled at Cybertech 2016 in Tel Aviv Wednesday.

Botnets are networks of malicious, remotely updatable code that covertly lurk on infected computers.

Using botnets, which until now were largely untraceable, hackers and cyber criminals can carry out powerful attacks, spread viruses, generate spam, and commit other types of online crime.

Deutsche Telekom Innovation Labs@BGU is a research facility staffed by BGU faculty and student teams that conduct cyber security research.

Led by BGU Prof. Bracha Shapira and Prof. Lior Rokach, the team analyzed data captured by a “honeypot” network run by Deutsche Telekom, the worldwide telecommunications company.

The team developed and implemented advanced algorithms that identify a botnet by finding similar attack patterns, which they can then trace back to the botnet's administrator. They were able to identify six distinct botnets, each capable of inflicting serious criminal and monetary damage.

“This is the first time such a comprehensive study has been carried out and returned with unique findings,” said Dudu Mimran, chief technology officer of Deutsche Telekom Innovation Labs@BGU. “In addition, we were able to identify whether the attack emanated from a real person or from a robot and predict future attacks.”

In 2014, law enforcement agencies revealed they had disrupted a Russian botnet that targeted personal bank accounts and stole $100 million.