Aggelos Kiayias, an assistant professor of Computer Science & Engineering, was awarded a two-year grant of more than $225,000 by the U.S. Department of Homeland Security (DHS) to conduct research involving the detection and mitigation of so-called “botnets.” The grant was made under the DHS Small Business Technology Transfer program, which pairs small businesses with non-profit research institutions. Dr. Kiayias – together with co-PI’s Reda Ammar, Steve Demurjian and Sanguthevar Rajasekaran – is partnering with Owen McCusker of Sonalysts, Inc. of Waterford, CT, an engineering consulting, design, training and software firm.
Botnets are a type of autonomous, subversive software distributed over a computer network that can wreak havoc by remotely infecting computers with destructive software, launching mass spam attacks and generally disrupting the functioning of the affected computers.
According to Dr. Kiayias, the “sophistication and proliferation of botnets have made online crime a lucrative and high-growth market. They have provided online criminals complex tools through which they can routinely exploit individual home users, governmental institutions, and commercial businesses.”
For example, in February, Quebec police arrested 17 people for alleged botnet-related activities that resulted in an estimated $44.3 million in damages. According to the police, the individuals installed remote-control zombie software on more than one million computers in 100 countries. After the hackers gained control of victims’ computers, police allege, the machines were used to attack websites in order to steal victims’ personal data.
Dr. Kiayias said that the destructive power and pervasiveness of botnets have increased dramatically in recent years, to the point where malware can be uploaded onto compromised systems in seconds through the exploitation of software vulnerabilities or social engineering. Botnets, currently exploiting not only home PCs and business workstations by the millions, will soon spill over into Voice-over IP (VoIP) systems and mobile devices such as BlackBerrys, Apple iPhones and other personal digital assistants. Adding insult to injury, botnets now also exploit encryption capabilities that allow them to conduct their destructive activities in a secure way.
Dr. Kiayias explained that it is critical for businesses, public organizations and government to work together to address the threat posed by botnets. Currently, different sectors tend to attack the problem in different ways – making it impossible to consistently detect, locate and destroy botnets. “Many detection tools today only look at specific views of the problem domain…each ‘sensor locale’ offers different and valuable insight about a botnet, or discovery of a botnet that – as part of a more comprehensive, multi-faceted picture across multiple sectors – would allow for a more effective and strategic solution.”
To address this challenge, Dr. Kiayias and his team will collect data from a group of sensors set up to record botnet events, warehouse the data in a central place where it can be analyzed, and deliver mitigation notices to the affected parties. Detection of a botnet will trigger the system’s automatic development of a mitigation plan that includes notices going out to registered users and devices. Fundamental to the approach is the development of a botnet-specific message exchange format used to distribute detection and mitigation information among systems and users.
The rapid response process will not entirely eliminate the need for human intervention, though it will provide superior safeguards. According to Dr. Kiayias, “Disabling a botnet involves restricting computing operations. It’s better to avoid taking out people’s computers unless we’re sure they’re infected: it is ultimately the job of the administrator to make such decisions.”