Jan. 27, 2016

Cyber security researchers from Deutsche Telekom Innovation Labs@BGU have discovered and traced six botnets by analyzing data collected from past cyber-attacks. 

Botnets are networks of malicious, remotely updatable code that lurk on infected computers unbeknownst to their owners. Using botnets, hackers and cyber criminals can carry out powerful attacks that, until now, were largely untraceable. As a result, botnets are of real interest to law enforcement agencies and cyber security specialists all over the world.

A team led by Profs. Bracha Shapira and Lior Rokach analyzed data captured by a “honeypot” network run by Deutsche Telekom, one of the world’s leading telecommunications companies. By analyzing the data, the team built a breakthrough program that identifies the botnet by finding similar attack patterns. Law enforcement can then track the botnet back to its administrator. 

The breakthrough was announced on the second day of Cybertech 2016 in Tel Aviv. BGU is the academic partner of Israel’s largest cyber security event, organized by Israel Defense. 

“In this project,” explains Ariel Bar, one of the lead researchers on the team, “we implemented a number of unique advanced algorithms based on machine learning in order to reach the important outcomes that we achieved.” The team was able to identify six separate botnets, each capable of inflicting serious criminal and monetary damage. 

Dudu Mimran, CTO of Deutsche Telekom Innovation Labs@BGU, added, “In addition to the aforementioned findings, there were other interesting achievements. For example, the ability to identify whether the attack emanated from a real person or from a robot, as well as the ability to predict future attacks.” “This is the first time such a comprehensive study has been carried out and returned with unique findings,” he enthused.

In 2014, the FBI announced that, in conjunction with other law enforcement agencies and private sector organizations, it had managed to disrupt a Russian botnet that targeted personal banking and had been used to steal more than $100 million.

Deutsche Telekom Innovation Labs@BGU, directed by Prof. Yuval Elovici, is a unique research lab staffed, for the most part, by faculty and students of BGU, who conduct cutting-edge cyber security research on behalf of Deutsche Telekom. The research is also published as academic articles.

Profs. Shapira, Rokach and Elovici are all members of BGU’s Department of Information Systems Engineering.