Scientists Consider How To Fight Botnets
The University of Wisconsin-Madison News has an interesting story on Paul Barford, a computer scientist at the University of Wisconsin-Madison. He is developing new tools to fight botnets.
One of the most menacing aspects of botnets is that they can go largely undetected by the owner of a personal computer. That feature has allowed botnets to grow exponentially online, with millions of infected computers bought and traded on an underground market that one security company estimates has surpassed $1 billion in activity, Barford says.
Motivated by this growing threat, Barford is developing a new technology that may head off hackers at the pass.
Most network-intrusion systems today compare traffic against a database, collected by hand, of previously recognized attack signatures. The innovation with Nemean is a method to automatically generate intrusion signatures, making the detection process faster and more precise.
The Achilles' heel of current commercial technology is the number of false positives it generates, Barford says. Hackers have become so adept at disguising malicious traffic to look benign that security systems now generate literally thousands of false positives for each genuine intrusion they find. Nemean virtually eliminates false positives.
The idea sounds extremely interesting; I just hope it doesn't summarily decide all IRC traffic is suspicious.
[Computer scientist fights threat of ‘botnets’]