Indian IT experts devise technique to fight deadly bots

New Delhi, May 17: Indian computer experts have devised a technique to smoke out bots and deter their malicious programmers from taking over your desktop computer or laptop, stealing passwords or vital information on your hard drive without your suspecting anything amiss, or deluging websites with emails to crash them.

Bots are emerging as one of the biggest threats to cyber safety and security worldwide. They may sneak into your computer through an email link or a contaminated external device such as a USB drive, or through chinks in outdated software loaded on your system.

A bot automatically hooks a computer to an instruction server installed by the hacker, generating a gigantic network referred to as a botnet, which involves thousands or millions of computers at homes, schools, financial centres and government institutions, all hitched to malicious and illegal activities.

“Ours is a twin approach, involving standalone and network algorithm (a step-by-step procedure used in calculation, data processing and automated reasoning), to detect and demolish bots,” Manoj Thakur, who developed the technique with colleagues, told IANS from Mumbai.

“The initial work related to this research began as a part of our final year B.Tech project in 2009. We had come up with an initial version of the algorithm along with some simulations at that time,” informed Thakur, of the Veermata Jijabai Technological Institute (VJTI), Mumbai.

The standalone algorithm, operating independently, analyzes the IP addresses of incoming and outgoing data packets, the ports used for communication and the patterns of traffic in both directions, said Thakur.

If it sniffs any suspicious activity, it immediately alerts the network algorithm, which sifts through the movement of information to and from the hosts, to figure out whether the activity is due to a bot or a legitimate programme, added Thakur.

“A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users.”

“The time taken to detect and mitigate the effect of a bot attack will depend on the kind of attack, the scale of the attack and the time span across which an attack prevails,” said Thakur.

“A number of services hosted on the web today are over the Cloud. The distributed nature of the computing infrastructure raises important concerns such as confidentiality and veracity of data,” he said.

Cloud computing allows you to access software, server and storage resources over a web browser, without having to buy, install, maintain and manage these resources on your own computer or device. Prime examples are Gmail and Hotmail.

“Irrespective of the way an attack is conducted, it is characterized by abnormal patterns in system usage and network traffic flow. Our technique explores these patterns to detect and mitigate the effect of bots,” said Thakur.

“Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.”

“Each of the bots involved in a DDoS attack overloads the target system with such high volumes of traffic that the system is unable to serve end-users, particularly sites or services hosted on high-profile web servers such as banks, credit card payment gateways, even root name servers,” adds Thakur.

IANS