A Next-Generation Approach to Combating Botnets

By Adeb Alhomoud, Irfan Awan, Jules Ferdinand Pagna Disso, and Muhammad Younas

NOTE: This is an overview of the entire article, which appeared in the April 2013 issue of Computer Magazine.

Botnets have become a major factor in international cybercrime, with an estimated annual loss of $114B. The authors propose a nature-inspired self-healing architecture for enterprise networks to help meet this threat.

A 'botnet' refers to a collection of computers, each of which is infected by the same malware. The set of computers serves as a network of software robots ('bots'). The article begins with an exposition of the nature of botnets and their life cycles. The size and sophistication of botnets are impressive. One example cited in the article comprised 80,000 bots!

Botnets are difficult to detect and combat. The approach taken by the authors focuses not on directly destroying the net, but rather on enabling an enterprise network to mitigate the effect of a botnet infection. In a self-healing approach, a system can recognize abnormal operation and react with limited or no outside intervention to repair or isolate malfunctioning components. Applying this to the botnet threat, the network can (potentially) autonomously recognize the presence of malware, diagnose the problem, and recover from the infection.

The article describes the system architecture and illustrates its use in combating an infection.

ABOUT THE AUTHORS

Adeb Alhomoud (a.m.alhomoud@student.bradford.ac.uk) is a PhD student in the School of Computing, Informatics and Media at the University of Bradford, UK. His research interests include botnets and malware propagation. Alhomoud is a member of IEEE.

Irfan Awan (i.u.awan@bradford.ac.uk) is a professor of computer science in the School of Computing, Informatics and Media at the University of Bradford, UK. His research interests include network security, communication systems, and performance modeling. Awan received a PhD in computer science from the University of Bradford. He is a member of IEEE and the British Computer Society, and a fellow of the Higher Education Academy.

Jules Ferdinand Pagna Disso (julesferdinand.pagna@edas.com) heads the Cyber Security Research Lab at EADS Innovation Works, Newport, UK. His research interests include cybersecurity for industrial control systems, botnets, cloud security, forensics, threat analysis, and vulnerability identification. Pagna Disso received a PhD in intrusion detection systems from the University of Bradford. He is a member of IEEE and ACM.

Muhammad Younas (m.younas@brookes.ac.uk) is a senior lecturer in computing at the Department of Computing and Communication Technologies, Oxford Brookes University, UK. His research interests include Web and Internet technologies, service-oriented computing, and pervasive and mobile information systems. Younas received a PhD in computer science from the University of Sheffield, UK. He is a member of the IEEE Computer Society.