On October 22, 2020, the National Institute of Standards and Technology (“NIST”) published NIST Technical Note (TN) 2111, “An Empirical Study on Flow-based Botnet Attacks Prediction”. The note, authored by Mitsuhiro Hatada and Matthew Scholl of NIST’s Information Technology Laboratory, presents a method to predict botnet attacks, such as mass spam email and distributed denial-of-service attacks (“DDoS”). This is particularly timely as botnet threats continue to rise in the era of the Internet of Things (“IoT”), where the number, density, and connectivity of devices continue to increase.
The described method leverages the measurement of command and control (C2) activities and automated labeling by associating them with attacks. The authors evaluated the method using a large-scale, real-world, and long-term dataset. The note highlighted that C2 metrics in the 30 to 60 hours before the attack increases to more of a prediction than the metrics just before an attack occurs. The results show that the proposed method can predict an increase in attacks with an accuracy of 0.767. NIST intends for this work to support internet security by contributing to the development of further countermeasures against botnets.
To review the press release, click here.
To review the technical note, click here.