Ensuring the security and privacy of devices connected over the Internet has become increasingly difficult, and at the same time ever more important, as more private and sensitive information is stored and accessed online. Cyber threats to the data of individuals, corporations, and governments are constantly evolving and becoming more complex. One prevalent threat is the execution of malicious code, or malware, which can include viruses, ransomware, rootkits, and the like.
Among the tools used to propagate such malware are malware bots. A bot is any computing device that can be made to execute a piece of code, typically without the knowledge of the device's owner. Multiple bots can be connected together to form a bot network, or botnet, that is controlled by a single entity. Botnets can be controlled remotely over the Internet and programmed to execute simple or complex tasks. Recently, botnets have exploited the increased popularity of Internet of Things (IoT) devices, in which traditionally non-Internet-connected appliances and devices, such as microwaves, audio speakers, home security cameras, and the like, are updated to connect to a home network and the Internet so as to allow remote control and access. These devices are often shipped with default credentials that many owners fail to change, giving malicious entities easy access to the devices and thereby allowing them to increase the size of their botnets.
While some botnets may be used for constructive goals, many are employed for more nefarious purposes. Such malicious botnets can be spread over many devices and programmed to execute harmful code when invoked. Some botnets extend over thousands or tens of thousands of devices that have been unwittingly recruited to execute the malicious code.
One common use of malicious botnets is the distributed denial of service (DDoS) attack, in which multiple devices of a botnet are commanded to flood a target, such as a server or a website, with a stream of requests, messages, or malformed packets, inundating the target and exhausting its available bandwidth and processing capacity. This can effectively shut down the target server or website, causing financial harm as well as preventing legitimate users from accessing the target.
Further uses of botnets include generating fake Internet traffic, e.g., to unfairly monetize advertising based on the falsely generated traffic, and sending massive volumes of spam email from many different locations. While a single Internet Protocol (IP) address can easily be blocked by an Internet service provider, thousands of constantly shifting IP addresses are much more difficult to control. Further, the IoT devices that botnets exploit are typically installed in homes on connections configured with dynamic IP addresses that change periodically, so that an address blocked today may be assigned to a legitimate user tomorrow. Thus, it is difficult to track and block attacks initiated by such botnets. In addition to the bandwidth offered by the multitude of devices under its control, the aggregate processing power of a botnet far exceeds that of any single machine. Thus, botnets can be used by an attacker to execute more complex and intensive tasks against one or more victims.
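The following added example, which is illustrative only and not part of the original description, makes the blocking difficulty described above concrete. It constructs two synthetic request logs (the log format, the thresholds, the documentation-range IP addresses and the helper names are all assumed for illustration, not taken from any real system): a flood from one source, and a flood of the same order of magnitude spread over several hundred botnet addresses. A conventional per-source rate limit catches the first but sees nothing unusual in the second, whereas a view that counts total requests and distinct sources per time window flags both.

```python
"""Added example (not part of the original text): per-source rate limiting
versus aggregate-rate detection against a botnet flood.  Log format,
thresholds and addresses are assumptions; all traffic below is constructed."""
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed log format: "<unix_ts> <client_ip> <method> <path>"
LOG_LINE = re.compile(r"^(?P<ts>\d+) (?P<ip>[\d.]+) (?P<method>[A-Z]+) (?P<path>\S+)$")

WINDOW_S = 10  # assumed analysis window in seconds


def parse_log(lines):
    """Return (timestamp, ip) tuples, silently skipping malformed lines."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            events.append((int(m["ts"]), m["ip"]))
    return events


def per_ip_offenders(events, window_s, max_per_window):
    """Classic per-source limit: the set of IPs exceeding max_per_window
    requests within any single window.  Each bot stays under the limit."""
    buckets = defaultdict(Counter)  # window index -> Counter of requests per IP
    for ts, ip in events:
        buckets[ts // window_s][ip] += 1
    offenders = set()
    for counter in buckets.values():
        offenders.update(ip for ip, n in counter.items() if n > max_per_window)
    return offenders


def aggregate_alerts(events, window_s, max_total, max_sources):
    """Aggregate view: windows whose total request count or number of distinct
    sources exceeds a baseline, regardless of the rate of any single source.
    Returns {window_index: (total_requests, distinct_sources)}."""
    totals = defaultdict(int)
    sources = defaultdict(set)
    for ts, ip in events:
        w = ts // window_s
        totals[w] += 1
        sources[w].add(ip)
    return {w: (totals[w], len(sources[w])) for w in totals
            if totals[w] > max_total or len(sources[w]) > max_sources}


def constructed_log(start_ts, window_s, ips, requests_per_ip):
    """Construct log lines: each ip issues requests_per_ip GETs, with the
    timestamps spread round-robin across one window starting at start_ts."""
    lines = []
    k = 0
    for ip in ips:
        for _ in range(requests_per_ip):
            lines.append(f"{start_ts + k % window_s} {ip} GET /index.html")
            k += 1
    return lines


# Constructed populations from the RFC 5737 documentation ranges.
LEGIT = [f"192.0.2.{i}" for i in range(10, 20)]          # ten ordinary clients
BOTS = [str(h) for h in ipaddress.ip_network("203.0.113.0/24").hosts()] + \
       [str(h) for h in ipaddress.ip_network("198.51.100.0/24").hosts()]


def single_source_flood():
    """Background traffic plus one host sending 200 requests in a window."""
    return (constructed_log(1000, WINDOW_S, LEGIT, 3)
            + constructed_log(1000, WINDOW_S, ["192.0.2.200"], 200))


def distributed_flood(n_bots=400):
    """Background traffic plus n_bots bots sending one request each."""
    return (constructed_log(2000, WINDOW_S, LEGIT, 3)
            + constructed_log(2000, WINDOW_S, BOTS[:n_bots], 1))


def analyse(lines, window_s=WINDOW_S, max_per_ip=20, max_total=100, max_sources=50):
    """Run both detectors over a log and return their findings."""
    events = parse_log(lines)
    return {
        "per_ip_blocked": per_ip_offenders(events, window_s, max_per_ip),
        "aggregate_alerts": aggregate_alerts(events, window_s, max_total, max_sources),
    }


if __name__ == "__main__":
    print("single source :", analyse(single_source_flood()))
    print("distributed   :", analyse(distributed_flood()))
```

With the assumed thresholds, the single-source flood yields one blockable address, while the distributed flood yields none under the per-source limit even though the window carries more than four hundred requests from more than four hundred addresses; only the aggregate view reports it, and acting on that report would mean blocking hundreds of addresses that, being dynamically assigned, may not belong to the same devices in the next window.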
Spammers will often hire the services of a botnet operator, effectively renting the botnet for malicious use without having to build or maintain the system themselves, so that a single botnet may be leveraged by many bad actors for a variety of attacks. Moreover, because of the distributed nature of a botnet, not only can it be difficult to block botnet attacks, it can be equally challenging to track down those who control the botnet.
It would therefore be advantageous to provide a solution that would overcome the challenges noted above.