Beating the 鈥渂otnets鈥 鈥 armies of infected computers used to attack websites 鈥 requires borrowing tactics from the bad guys, say computer security researchers.
A team at the University of Washington, US, want to marshal swarms of good computers to neutralise the bad ones. They say their plan would be cheap to implement and could cope with botnets of any size.
Through such means as web pages and viruses, hackers spread malicious software that lets them create and manipulate 鈥渮ombie computers鈥, leaving owners of the infected machines none the wiser.
Advertisement
Botnets are networks of these zombies and are used to send spam or launch (DDoS) attacks.
These attacks can cause internet servers to crash by overwhelming them with information requests from a botnet鈥檚 computers. They are so commonly used to extort money from website owners that the practice is dubbed 鈥the street crime of the web鈥.
Friendly zombies
Current countermeasures are being outstripped by the growing size of botnets, says the Washington team, but assembling swarms of good computers in defense could render DDoS attacks obsolete.
Their system, called Phalanx, uses its own large network of computers to shield the protected server. Instead of the server being accessed directly, all information must pass through the swarm of 鈥渕ailbox鈥 computers.
The many mailboxes do not simply relay information to the server like a funnel 鈥 they only pass on information when the server requests it. That allows the server to work at its own pace, without being swamped.
鈥淗osts use these mailboxes in a random order,鈥 the researchers explain. 鈥淓ven an attacker with a multimillion-node botnet can cause only a fraction of a given flow to be lost,鈥 the researchers say.
Phalanx also requires computers wishing to start communicating with the protected server to solve a computational puzzle. This takes only a small amount of time for a normal web user accessing a site. But a zombie computer sending repeated requests would be significantly slowed down.
Pet botnet
鈥淩ather than using an ill-gotten botnet, Phalanx would use the large networks of computers which companies currently use to serve massive amounts of content,鈥 says team member .
Such have large networks of computers that serve web content such as video from caches around the world. Phalanx鈥檚 mailboxes would be spread throughout such a network.
The Washington team simulated an attack by a million-computer botnet on a server connected to a network of 7,200 mailboxes organised by Phalanx. Even when the majority of the mailboxes were under simultaneous attack, the server was not overwhelmed and could still function normally.
In principle, simply recruiting more mailbox computers allows Phalanx to deal with any size of botnet, Dixon says.
Content distribution networks are the best way to quickly deploy the Phalanx approach, Dixon says, but anyone鈥檚 computer could potentially help out.
Home helpers
鈥淭hese existing networks are so large and well-provisioned that they are currently the best option to withstand denial of service attacks from botnets,鈥 he told New 杏吧原创. 鈥淟onger term, I think it鈥檚 quite possible to fold home machines into the system as well.鈥
Using the distributed file-sharing system would provide one way of doing that, he adds.
鈥淚t is a very interesting approach that integrates a number of existing ideas,鈥 says of the University of Texas in Austin, US.
鈥淚 particularly like the idea of leveraging swarming to defend against botnets,鈥 Zhang added. 鈥淐onverting BitTorrent users into a community-based botnet defense sounds interesting and promising.鈥
was presented at the , held last week in San Francisco, US.