Tuesday 3:40 p.m.–4:15 p.m.

Global Botnet Detector

Brenton Mallen

Audience level:
Novice

Description

When bots are combined into a network with coordinated efforts, they turn into a serious problem. They can be used for many things, from data scraping to security breaches. This talk covers the development of a botnet detector, using Python and other tools, to monitor billions of daily requests to find trends that indicate the presence of a botnet attack and to identify potential participants.

Abstract

In a world where most of the internet traffic is produced by bots, who will defend the innocent from the relentless onslaught of malicious botnet activity?

Every day, countless incidents of botnet activity occur all around the web, wreaking havoc in the form of mass security breaches, data scraping, fraudulent activity and DDoS attacks. The first step in the defense against botnets is to know when suspicious activity is taking place.

This talk covers what a botnet is and how botnets work, and walks through a technique we are developing at Distil Networks to identify the presence of a botnet and a list of responsible participants. The botnet identification method described uses a correlation in traffic on a customer’s site, along with user fingerprinting, to first alert when a botnet is present and then identify key players.
