Unfortunately, cyber crime has become a business today. In contrast to the Internet security situation ten years ago, most of the significant Internet attacks today aim to make a financial profit. A popular and effective choice of criminals today for sending spam, stealing data, and launching attacks is the so-called bot -- a type of malware that is written with the intent of compromising and taking control of hosts on the Internet. The main distinguishing characteristic of a bot compared to other types of malware is that a bot is able to establish a command and control (C&C) channel.

The goal of this project is to develop novel techniques and tools to detect malicious connections from compromised machines to the C&C servers of botnets. The key insight is that when looking at very large volumes of netflow and DNS data over an extended period of time, connection attempts to benign and malicious addresses should exhibit enough differences in behavior so that they can be automatically distinguished. A key challenge in this project is to identify behavioral features that will allow the detection of connections that exhibit botnet-like behavior.

The ability to identify malicious C&C connections and to potentially block and disrupt the communication of the attackers with their bots presents rich opportunities for industrial and societal impact. Furthermore, the research will have a broad effect through education and outreach. The PI will seek broad dissemination of research results through both top publications and industry connections.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1116777
Program Officer: Angelos Keromytis
Project Start:
Project End:
Budget Start: 2011-09-01
Budget End: 2014-08-31
Support Year:
Fiscal Year: 2011
Total Cost: $485,878
Indirect Cost:

Name: Northeastern University
Department:
Type:
DUNS #:
City: Boston
State: MA
Country: United States
Zip Code: 02115