http://www.madison.com/wsj/home/local/269556

By Heather LaRoi
Wisconsin State Journal
JAN 26, 2008

UW-Madison computer scientist Paul Barford doesn't want to be alarmist, but he thinks you could be in danger of being attacked -- by a botnet.

Botnets (a term combining "robot" and the "Net") are the biggest and baddest Internet villains out there these days, he said, combining other threats that have been around for years -- worms, viruses, spyware, and so on.

What takes the botnet threat to an even higher level is its potential for what Barford calls "command and control." That means someone sitting in an Internet cafe on the other side of the world could send commands to groups of compromised systems and send spam, gather personal information or use botnets for what's called denial-of-service attacks.

The threat has the potential to go way beyond identity theft, Barford said, and could even have terrorist implications, which might partly explain why Barford's research is supported by the National Science Foundation, the Army Research Office and the Department of Homeland Security.

"I don't want to sugarcoat this at all," Barford said. "The situation is bad, and it's going to get way worse before it gets better. And here's the sad thing: it's likely that all of us at some point are going to be affected by this."

Barford and his colleagues at UW-Madison have developed a new approach to detecting such network intrusions by focusing on a slight vulnerability in such malicious traffic, the pattern or "signature" that it creates.

What sets Barford's technology apart from other security tools is its ability to be specific and general at the same time in detecting and identifying these signatures. In being specific, it doesn't rely on casting a wide net as most other tools do. That's important because it means benign traffic isn't misidentified as malicious, thereby generating the false positives that can rapidly bog down other security systems.
The technology is also general in that it can use a single signature to detect classes of attacks, something other systems don't offer, according to Barford.

"If an attack is similar to something we've already seen, we're going to catch it," Barford said. "That's our mechanism for staying ahead."

Jeffrey Savoy, of UW-Madison's Office of Campus Information Security, said that where Barford's product is probably most different is in reducing the false positives.

"Sometimes false positives can lead you to better understanding of your network," Savoy said. "The problem is if you have hundreds of false positives and you have to weed through every one, the chance of you missing a real one is greatly increased. That's the challenge that we have."

The Internet threat landscape has changed dramatically in the past several years, according to Barford. Before about 2003, he said, the major motivation for malicious activity on the Internet was often just the challenge of doing it. Since then, however, economic profit -- huge profit -- is now driving what has become a major underground industry.

Countering these botnets is mostly a matter of damage control, Barford said.

"Make no mistake about it, this is an arms race. You're always behind, you're always catching up," he said. "The attackers only have to find one means of attack. The defenders have to defend against all means of attack."

Last June, Barford and colleagues, with the backing of the Badger Alumni Capital Network, opened a spinoff company at University Research Park called Nemean Networks. "Nemean" comes from the Herculean myth of the Nemean lion whose skin can't be penetrated by anything.

Nemean is based on four distinct patents either filed or in process with the Wisconsin Alumni Research Foundation. The technology Nemean will market isn't something that individual consumers use but is rather something that's installed and used by network service providers.
Barford said there have already been conversations with several Fortune 100 companies about test deployments in the coming months.

"We believe what we offer is a paradigm shift that is going to have a significant impact, but we're not solving the problem. We're just raising the bar. We think we're raising it a lot -- but the problem never is going to be solved," Barford said. "But if we can reduce the amount of overall malicious activity in the Internet, everybody benefits."

BETTER SECURITY

The discovery: Paul Barford and his team identified a new methodology for transforming the "signatures" of Internet actions into a means of detecting malicious network intrusions.

What it means: Installed by network service providers, the new security technology helps to eliminate the false positives that can bog down other Internet security systems. It also can use a single signature to detect classes of attacks.

Why it's important: Use of malicious botnets poses network risks that could run the gamut from personal identity theft to illegal control of infrastructure systems.