Dr. Richard Brooks and electrical engineering graduate student Chen Lu received the 2nd place best paper prize at Oak Ridge National Laboratory's 8th Annual Workshop on Cyber Security and Information Intelligence Research in January.
Their paper, "Timing Analysis in P2P Botnet Traffic Using Probabilistic Context-Free Grammars," focuses on developing more secure and resilient network systems by applying timing analysis to hierarchical P2P botnet traffic. The research extends previous timing-analysis work to probabilistic context-free grammars (PCFGs), a more expressive grammar class in the Chomsky hierarchy. Experiments on simulated P2P botnet traffic show that PCFGs achieve accurate detection rates. The approach also provides possible "exploits" against "Tailored Trustworthy Spaces" (TTS) and moving target systems: a target whose traffic keeps a recognizable timing structure can still be identified even when its contents and addresses are protected.
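The following is an added illustration of the mechanism, not code from the paper or its authors. It assumes a toy grammar, a two-symbol quantization of inter-packet gaps with a 1-second boundary, and a memoryless baseline model; none of these come from the paper's trained model. The toy grammar generates nested command/response sequences of the form a^n b^n, a language that no regular grammar (and so no finite-state or Markov timing model) can express, which is the kind of structure that motivates moving up the Chomsky hierarchy. The inside algorithm computes the probability that a quantized flow was generated by the grammar, and a log-likelihood ratio against the baseline makes the detection decision.

```python
"""
Toy PCFG timing-analysis detector (added example, not the paper's code).

Inter-packet delays of a flow are quantized into a small alphabet, and the
resulting string is scored with the inside algorithm of a PCFG in Chomsky
normal form (CNF).  The grammar below is an assumed stand-in for a learned
botnet timing grammar; it encodes the nested command/response pattern
a^n b^n that no regular grammar can capture.
"""
import math
from collections import defaultdict

# Assumed toy grammar in CNF: (lhs, rhs) -> probability.
# rhs is two nonterminals (binary rule) or one terminal (lexical rule).
BOT_GRAMMAR = {
    ("S", ("A", "B")): 0.4,   # a single command/response pair
    ("S", ("A", "X")): 0.6,   # a command that wraps a nested session ...
    ("X", ("S", "B")): 1.0,   # ... closed by its matching response gap
    ("A", ("a",)): 1.0,       # 'a' = short gap (command being relayed)
    ("B", ("b",)): 1.0,       # 'b' = long gap (waiting for responses)
}

# Assumed quantization boundary (seconds) between a short and a long gap.
SHORT_GAP_MAX = 1.0


def quantize(delays):
    """Map inter-packet delays in seconds onto the terminal alphabet {a, b}."""
    return "".join("a" if d <= SHORT_GAP_MAX else "b" for d in delays)


def inside_probability(grammar, symbols, start="S"):
    """Total probability that the CNF grammar generates `symbols` (inside algorithm)."""
    n = len(symbols)
    if n == 0:
        return 0.0
    # chart[i][j] maps nonterminal -> probability of deriving symbols[i:j]
    chart = [[defaultdict(float) for _ in range(n + 1)] for _ in range(n + 1)]
    lexical = [(lhs, rhs[0], p) for (lhs, rhs), p in grammar.items() if len(rhs) == 1]
    binary = [(lhs, rhs[0], rhs[1], p) for (lhs, rhs), p in grammar.items() if len(rhs) == 2]
    for i, sym in enumerate(symbols):
        for lhs, term, p in lexical:
            if term == sym:
                chart[i][i + 1][lhs] += p
    for span in range(2, n + 1):
        for i in range(0, n - span + 1):
            j = i + span
            for k in range(i + 1, j):
                left, right = chart[i][k], chart[k][j]
                if not left or not right:
                    continue
                for lhs, l_sym, r_sym, p in binary:
                    if l_sym in left and r_sym in right:
                        chart[i][j][lhs] += p * left[l_sym] * right[r_sym]
    return chart[0][n].get(start, 0.0)


def memoryless_probability(symbols):
    """Baseline: symbols independent, each with its empirical frequency in the flow."""
    n = len(symbols)
    prob = 1.0
    for sym in set(symbols):
        prob *= (symbols.count(sym) / n) ** symbols.count(sym)
    return prob


def log_likelihood_ratio(delays, grammar=BOT_GRAMMAR):
    """log P_grammar(flow) - log P_baseline(flow); -inf when the grammar rejects the flow."""
    symbols = quantize(delays)
    p_grammar = inside_probability(grammar, symbols)
    if p_grammar == 0.0:
        return -math.inf
    return math.log(p_grammar) - math.log(memoryless_probability(symbols))


def is_bot_flow(delays, threshold=0.0):
    """Flag a flow whose timing fits the bot grammar better than the baseline."""
    return log_likelihood_ratio(delays) > threshold


if __name__ == "__main__":
    # Constructed sample flows (inter-packet gaps in seconds), not captured data.
    bot_flow = [0.2, 0.3, 0.1, 4.0, 5.5, 6.1]      # quantizes to "aaabbb"
    benign_flow = [0.2, 3.0, 0.4, 2.5]             # quantizes to "abab"
    for name, flow in (("bot", bot_flow), ("benign", benign_flow)):
        print(name, quantize(flow), log_likelihood_ratio(flow), is_bot_flow(flow))
```

The grammar assigns probability 0.4 * 0.6^(n-1) to a^n b^n and zero to everything else, so the unbalanced "abab" flow is rejected outright while "aaabbb" scores well above the baseline. A real detector would learn the rule probabilities from traffic and use a finer alphabet, but the scoring path (quantize, inside algorithm, likelihood ratio) is the same.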
Botnets have become a major source of spam, mining of private data, and other cybercrime. In their battle with the security community, botnets have themselves become tailored trustworthy spaces. Bot herders first used encryption and access control on the botnet command-and-control channel to secure botnet communications; the use of fast-flux and P2P technologies then made botnets more resilient to detection and takedown. Their rapidly evolving propagation, command and control, and attack methods make botnets good examples of moving targets. Detecting and removing botnets has become a difficult and important task for the security community.