Slashdot Mirror


Tools To Squash the Botnets

Roland Piquepaille writes "This is the intention of Paul Barford, a computer scientist at the University of Wisconsin-Madison. He wants to build a new line of defense against malicious traffic which has become today a billion-dollar 'shadow industry.' As one of 'the most menacing aspects of botnets is that they can go largely undetected' by a PC owner, he developed a new computer security technique for detecting network intrusions. His system has a 99.9% detection rate of malicious signatures, roughly equivalent to some of the best commercial systems. But it has zero false positives when commercial systems have high numbers. This new system could soon be available commercially."

5 of 135 comments

  1. I don't see that. by khasim · · Score: 5, Insightful

    When the easiest way to DDoS someone's site is to have the zombie army keep hitting the pages ... how will any tool identify or protect you from that threat?

    The zombies can simply flood your pipeline. There are that many of them.

    1. Re:I don't see that. by Anonymous Coward · · Score: 5, Funny

      I couldn't RTFA. The Slashdot zombie army killed the site.

  2. So in other words... by Icarus1919 · · Score: 5, Insightful

    People still have to install it and use it, correct? If so, then why do we believe there aren't going to continue to be hundreds of thousands to millions of users out there who don't give a damn, like there currently are? How is this much of an improvement over the current state of things?

  3. Talk by Paul Barford by QuantumG · · Score: 5, Informative

    Title: Toward Self-directed Network Intrusion Detection and Prevention

    Abstract:

    Network attacks and intrusions have been a fact of life in the Internet
    for many years and continue to present serious challenges for network
    researchers and operators alike. The objective of our work is to develop
    tools and systems that automate or otherwise enhance key activities of
    network security analysts. In the first part of this talk, I will describe
    our malicious traffic assessment activities using our Internet Sink
    (iSink) system for dark address space monitoring. iSink is a highly
    scalable system that includes both passive packet capture and a set of
    stateless active responders that enable details of exploits to be
    captured. Our results illustrate the variability in the traffic on dark
    address space and the feasibility of efficient classification of attack
    types. I will also describe how data from dark address space monitors can
    be used to provide near real time network "situational awareness" for
    security analysts. iSink data is also the basis for our Nemean system that
    automatically synthesizes signatures for intrusion detection. Unlike
    standard intrusion signatures, Nemean's signatures are protocol aware
    which we show greatly enhances their resilience to false alarms. I will
    describe Nemean, and conclude with a brief description of our current
    activities in adapting Nemean into a real time intrusion prevention
    system.

    Where: Grad. Lounge

    When: Thursday 27th Oct 2005 11 am.

    2 years from lab to startup, not bad dude.

    --
    How we know is more important than what we know.

  4. Re:Not only that, but there are NO details. by skoaldipper · · Score: 5, Funny

    A huckster in our midst? Let's see.

    "Botnets represent a convergence of all of the other threats that have existed for some time,"
    Scared of rickets? You, sir. Step right up here.

    One of the most menacing aspects of botnets is that they can go largely undetected by the owner of a personal computer.
    Folks, you might not feel sick today, but that's no guarantee you won't feel sick tomorrow.

    Nemean is based on four distinct patents that are either filed or are in process with the Wisconsin Alumni Research Foundation (WARF).
    No matter what ails ya, Professor Nemean's original, medicinal, remedial, compound elixir is patented and irrevocably guaranteed to...

    The innovation with Nemean is a method to automatically generate intrusion signatures, making the detection process faster and more precise.
    boost your bends, target your temperature, and positively palliate your particulars. Yes, folks...

    "The technology we're developing here really has the potential to transform the face of network security,"
    this age-defying, mystifying, wiz bang fandangle will cure everything from flakey skin to original sin.

    Only two bits a bottle. Worth a dollar a drop! Step right up! Step right up!
    --
    I hope, when they die, cartoon characters have to answer for their sins.