(Press-News.org) Contact information: Albert Ang
press@inderscience.com
Inderscience Publishers
Finding the hidden zombie in your network
Statistical approach to unraveling computer botnets
How do you detect a "botnet", a network of computers infected with malware -so-called zombies - that allow a third party to take control of those machines? The answer may lie in a statistical tool first published in 1966 and brought into the digital age researchers writing this month in the International Journal of Electronic Security and Digital Forensics.
Millions of computers across the globe are infected with malware, despite the best efforts of public awareness campaigns about phishing attacks and antivirus software. Much of the infection is directed towards allowing a third party to take control of a given machine or indeed a network of machines and exploiting them unbeknownst the legitimate users in malicious and criminal activity. Security and software companies do monitor internet activity and there have been many well-publicized successes in destroying such botnets. However, malware writers are always developing new tools and techniques that allow them to infect unprotected computers and rebuild botnets.
Botnets are widely used in organized crime to attempt breaches on security systems by mounting distributed denial of service (dDOS) attacks, among other techniques, on corporate, banking and government systems. Such attacks can open up "backdoors" into a private computer network that lets the botnet controller access proprietary and other sensitive information, passwords or even voting systems. Botnets have also been used for simply malicious purposes to force websites and other services offline, occasionally in an act of protest or rebellion.
Now, R. Anitha and colleagues at PSG College of Technology, Coimbatore, India, have turned to a statistical tool known as the hidden semi-Markov model (HsMM) to help them develop monitoring software that can detect the telltale signs of botnet activity on a computer and so disable the offending malware. In probability theory and statistics, a Markov process is one in which someone can predict the next state of a process based on its current state without knowing the full history of the process. An example in gambling would be that if you have chip now and the odds of winning or losing on the next bet are even then we can predict without knowing how many chips you had earlier that you will either have none or two after the next bet.
A hidden-Markov model would thus include variables of which the observer has no sight but can infer and so predict an outcome. Predicting whether it rained on a given day based on whether a fair-weather-only walker was out on a given day without you having a weather report for their area involves a hidden-Markov process. A hidden semi-Markov model then involves a process of this sort but where the time-elapsed into the current state affects the prediction. For example, one might predict the rainfall pattern based on how long it is since our fair-weather walk last ventured out.
The team has applied the statistical logic of the hidden semi-Markov model to forecast the characteristics of internet activity on a given computer suspected of being a "zombie computer" in a botnet based on management information base (MIB) variables. These variables are the components used to control the flow of data packets in and out of the computer via the internet protocol. Their approach can model the "normal" behavior and then highlight botnet activity as being a deviation from the normal without the specific variables that are altered by the malware being in plain sight.
The team points out that botnet and malware developers have focused recently on web-based, http, type activity, which is easier to disguise among the myriad packets of data moving to and fro across a network and in and out of a particular computer. Their tests on a small zombie computer network shows that the hidden semi-Markov model they have developed as a lightweight and real-time detection system can see through this disguise easily. If implemented widely such as system could lock down this kind of botnet very quickly and slow the assimilation of zombie computers by criminals and others with malicious intent.
###
"HTTP botnet detection using hidden semi-Markov model with SNMP MIB variables" in Int. J. Electronic Security and Digital Forensics, 2014, 5, 188-200.
Finding the hidden zombie in your network
Statistical approach to unraveling computer botnets
2014-02-04
ELSE PRESS RELEASES FROM THIS DATE:
Who owns the bones? Should bodies in museum exhibits be returned home?
2014-02-04
From Egyptian mummies to Ötzi the Iceman, human remains are a common, if macabre, feature of museum exhibits. Writing in Clinical Anatomy, Dr. Philippe Charlier explores the argument that curators have ...
First live births with a novel simplified IVF procedure
2014-02-04
Cambridge, UK, February 4, 2014 - A recent prospective study published in Reproductive BioMedicine Online comparing conventional IVF with a novel simplified laboratory method of culturing embryos suggested that fertilization ...
Smokers lack motivation, feel more tired and are less active than non-smokers
2014-02-04
While the results of smoking may be expected to decrease fitness, new research, published in Respirology, has found that smokers are less physically active, lack motivation and are more likely to ...
Time to stub out misguided e-cigarette regulation
2014-02-04
Los Angeles, London (February 04, 2014). Smokers are increasingly turning to electronic cigarettes as a means to reduce the health impacts of their addiction. But legislators around the world are far from unified ...
Faces we don't forget
2014-02-04
Great eyes, full lips and harmonious features: actress Angelina Jolie is in possession of all of these. That she is regarded as ...
Teens who consume energy drinks more likely to use alcohol and drugs
2014-02-04
Philadelphia, Pa. (February 4, 2014) – Nearly one-third ...
Mouse study shows gene therapy may be possible cure for Hurler syndrome
2014-02-04
CINCINNATI – Researchers used blood platelets and bone marrow cells to deliver potentially curative gene therapy to mouse models of the human genetic disorder Hurler ...
Scientists turn primitive artificial cell into complex biological materials
2014-02-04
It is a big dream in science: To start from scratch with simple artificial microskopic building blocks and end up with something much more complex: living systemts, novel computers or every-day ...
Sun spits out mid-level solar flare
2014-02-04
The sun emitted a mid-level solar flare, beginning at 11:57 p.m. EST on Feb. 3, 2014, and peaking at midnight EST. NASA released images of the flare as captured ...
Diamond defect boosts quantum technology
2014-02-04
Washington, D.C.—New research shows that a remarkable defect in synthetic diamond produced by chemical vapor deposition allows researchers to measure, witness, and potentially manipulate electrons in a manner that could ...
LAST 30 PRESS RELEASES:
FAU receives $3M federal grant to prevent substance use in at-risk youth
New report shows action to improve gender equity linked to career gains and better business performance
Kiwis could help manage chronic constipation
Breast, lung, and bladder cancer phase 3 trials led by Dana-Farber presented at ESMO Congress 2025
New open-source software allows for efficient 3D printing with multiple materials
Decoding the secrets of ‘chemo brain’
‘Far from negligible’: New Australian fossil fuel site will have major impact on people and the planet
UK heatwaves overwhelm natural ecological safeguards to increase wildfire risk
Key ExoMars Rover part ships from Aberystwyth
90% of Science Is Lost: Frontiers’ revolutionary AI-powered service transforms data sharing to deliver breakthroughs faster
Skin symptoms may forewarn mental health risks
Brain test predicts ability to achieve orgasm – but only in patients taking antidepressants
‘New reality’ as world reaches first climate tipping point
Non-English primary language may raise risk of delirium after surgery, study finds
Children fast from clear liquids much longer before surgery than guidelines recommend, large study shows
Food insecurity, loneliness can increase the risk of developing chronic pain after surgery
Cesarean delivery linked to higher risk of pain and sleep problems after childbirth
New global burden of disease study: Mortality declines, youth deaths rise, widening health inequities
Chemobiological platform enables renewable conversion of sugars into core aromatic hydrocarbons of petroleum
Individualized perioperative blood pressure management in patients undergoing major abdominal surgery
Proactive vs reactive treatment of hypotension during surgery
Different types of depression linked to different cardiometabolic diseases
Ketogenic diet may protect against stress experienced in the womb
Adults 65 years and older not immune to the opioid epidemic, new study finds
Artificial intelligence emerging as powerful patient safety tool in pediatric anesthesia
Mother’s ZIP code, lack of access to prenatal care can negatively impact baby’s health at birth, new studies show
American Society of Anesthesiologists honors John M. Zerwas, M.D., FASA, with Distinguished Service Award
A centimeter-scale quadruped piezoelectric robot with high integration and strong robustness
Study confirms that people with ADHD can be more creative. The reason may be that they let their mind wander
Research gives insight into effect of neurodegenerative diseases on speech rhythm
[Press-News.org] Finding the hidden zombie in your networkStatistical approach to unraveling computer botnets