Cybersecurity researchers from Deutsche Telekom Innovation Labs at Ben-Gurion University have discovered and traced six botnets by analyzing data collected from past cyber-attacks. The breakthrough research is of great importance to law enforcement agencies and cyber security specialists the world over.
“In this project,” explains Ariel Bar, one of the lead researchers on the team, “we implemented a number of unique advanced algorithms based on machine learning in order to reach the important outcomes that we achieved.”
Botnets are networks of malicious, remotely updatable code that lurks on infected computers unbeknownst to their owners. Using botnets, hackers and cyber criminals can carry out powerful attacks that, until now, were largely untraceable.
A team led by Profs. Bracha Shapira and Lior Rokach analyzed data captured by a “honeypot” network run by Deutsche Telekom, one of the world’s leading telecommunications companies. The team was able to identify six separate botnets, each capable of inflicting serious criminal and monetary damage.
By analyzing the data, the team built a breakthrough program that identifies the botnet by finding similar attack patterns. Law enforcement can then track the botnet back to its administrator.
“This is the first time such a comprehensive study has been carried out and returned with unique findings,” said Dudu Mimran, CTO of Deutsche Telekom Innovation Labs@BGU.
“In addition to the aforementioned findings, there were other interesting achievements. For example, the ability to identify whether the attack emanated from a real person or from a robot, as well as the ability to predict future attacks,” Mimran said.
In 2014, the FBI announced that, in conjunction with other law enforcement agencies and private sector organizations, it had managed to disrupt a Russian botnet that targeted personal banking and whose operators had managed to steal more than $100 million.
Deutsche Telekom Innovation Labs@BGU, directed by Prof. Yuval Elovici, is a unique research lab staffed, for the most part, by faculty and students of BGU, who conduct cutting-edge cyber security research on behalf of Deutsche Telekom. Shapira, Rokach and Elovici are all members of BGU’s Department of Information Systems Engineering.