New Scientist is reporting on a University of Washington project aiming to marshal swarms of ‘good’ computers to take on botnets. Their approach – called Phalanx – uses its distributed network to shield a server from distributed denial-of-service (DDoS) attacks. Instead of that server being accessed directly, all information must pass through the swarm of ‘mailbox’ computers, which are swapped around randomly and only pass on information to the shielded server when it requests it.
Beating the “botnets” – armies of infected computers used to attack websites – requires borrowing tactics from the bad guys, say computer security researchers.
A team at the University of Washington, US, want to marshal swarms of good computers to neutralize the bad ones. They say their plan would be cheap to implement and could cope with botnets of any size.
Through such means as web pages and viruses, hackers spread malicious software that lets them create and manipulate “zombie computers”, leaving owners of the infected machines none the wiser.
Botnets are networks of these zombies and are used to send spam or launch distributed denial-of-service (DDoS) attacks.
These attacks can cause internet servers to crash by overwhelming them with information requests from a botnet’s computers. They are so commonly used to extort money from website owners that the practice is dubbed “the street crime of the web”.
Current countermeasures are being outstripped by the growing size of botnets, says the Washington team, but assembling swarms of good computers in defense could render DDoS attacks obsolete.
Their system, called Phalanx, uses its own large network of computers to shield the protected server. Instead of the server being accessed directly, all information must pass through the swarm of “mailbox” computers.
The many mailboxes do not simply relay information to the server like a funnel – they only pass on information when the server requests it. That allows the server to work at its own pace, without being swamped.
“Hosts use these mailboxes in a random order,” the researchers explain. “Even an attacker with a multimillion-node botnet can cause only a fraction of a given flow to be lost.”
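The mailbox scheme described above can be sketched as a small simulation. This is an added example, not code from the article or from the Phalanx project. It assumes the random mailbox order is derived with HMAC-SHA256 from a secret shared by client and server; the names `mailbox_for`, `Mailbox`, `simulate` and `loss_fraction` and the demo secret are hypothetical.

```python
import hashlib
import hmac

N_MAILBOXES = 7200  # mailbox count used in the simulation the article reports

def mailbox_for(secret: bytes, seq: int, n: int = N_MAILBOXES) -> int:
    """Mailbox index for packet `seq`, computable only by holders of `secret`.
    Assumption: HMAC-SHA256 stands in for the pseudo-random ordering."""
    tag = hmac.new(secret, seq.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big") % n

class Mailbox:
    def __init__(self, flooded: bool):
        self.flooded = flooded
        self.store = {}

    def put(self, seq: int, payload: bytes) -> None:
        if not self.flooded:          # a saturated mailbox drops legitimate traffic
            self.store[seq] = payload

    def get(self, seq: int):
        return self.store.pop(seq, None)   # data leaves only on the server's request

def simulate(secret: bytes, packets: int, flooded_ids: set, pull_budget: int) -> int:
    """Return how many packets the shielded server obtains."""
    boxes = [Mailbox(i in flooded_ids) for i in range(N_MAILBOXES)]
    for seq in range(packets):                       # client deposits into mailboxes
        boxes[mailbox_for(secret, seq)].put(seq, b"request")
    received = 0
    for seq in range(min(packets, pull_budget)):     # server pulls at its own pace
        if boxes[mailbox_for(secret, seq)].get(seq) is not None:
            received += 1
    return received

def loss_fraction(secret: bytes, packets: int, flooded_ids: set) -> float:
    return 1 - simulate(secret, packets, flooded_ids, packets) / packets

if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed sample value
    half = set(range(N_MAILBOXES // 2))          # half of all mailboxes saturated
    print("loss with half the mailboxes flooded:", loss_fraction(secret, 10_000, half))
    print("pulled with budget 100:", simulate(secret, 10_000, set(), 100))
```

Because the flow's mailbox order depends on a secret the flooding party does not hold, the loss tracks the fraction of mailboxes saturated rather than the size of the botnet, and the pull budget caps what reaches the server regardless of how much is deposited.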
Phalanx also requires computers wishing to start communicating with the protected server to solve a computational puzzle. This takes only a small amount of time for a normal web user accessing a site. But a zombie computer sending repeated requests would be significantly slowed down.
“Rather than using an ill-gotten botnet, Phalanx would use the large networks of computers which companies currently use to serve massive amounts of content,” says team member Colin Dixon.
Such content distribution networks have large networks of computers that serve web content such as video from caches around the world. Phalanx’s mailboxes would be spread throughout such a network.
The Washington team simulated an attack by a million-computer botnet on a server connected to a network of 7,200 mailboxes organized by Phalanx. Even when the majority of the mailboxes were under simultaneous attack, the server was not overwhelmed and could still function normally.
In principle, simply recruiting more mailbox computers allows Phalanx to deal with any size of botnet, Dixon says.
Content distribution networks are the best way to quickly deploy the Phalanx approach, Dixon says, but anyone’s computer could potentially help out.
“These existing networks are so large and well-provisioned that they are currently the best option to withstand denial of service attacks from botnets,” he said. “Longer term, I think it’s quite possible to fold home machines into the system as well.”
Using the distributed file-sharing system BitTorrent would provide one way of doing that, he adds.
“It is a very interesting approach that integrates a number of existing ideas,” says Yin Zhang of the University of Texas in Austin, US.
“I particularly like the idea of leveraging swarming to defend against botnets,” Zhang added. “Converting BitTorrent users into a community-based botnet defense sounds interesting and promising.”
A paper on Phalanx was presented at the USENIX symposium on Networked Systems Design and Implementation, held last week in San Francisco, US.
Via New Scientist