Slaying the Nemean Lion was the first of Hercules’s legendary twelve tasks set forth by King Eurystheus. The lion’s hide was so thick that weapons couldn’t penetrate it. It is an apt name for a new technology developed to detect botnets, one of the most fearsome beasts of the Internet underworld.
Botnets come in various shapes and sizes, from simple information gatherers, gleaning credit cards and other personal information from user data, to the much-feared brute-force attack, aimed at compromising or incapacitating large networks. The eBay network was recently in the news for being the target of a particularly nasty botnet attack.
Nemean is under development at Nemean Networks, LLC, led by Paul Barford, a computer scientist at the University of Wisconsin, Madison. The technology is based on four patents, filed or being processed at the Wisconsin Alumni Research Foundation.
Nemean’s performance is promising, easily besting current state-of-the-art detection software in accurately identifying threats. In a test comparing Nemean to such state-of-the-art systems, Nemean detected 99.9% of malicious signatures while the competitor detected 99.7%. These numbers don’t seem staggering until you learn that Nemean generated zero false positives, while the other technology generated 88,000.
Typical network-intrusion systems compare traffic against a stored database, flagging anything suspicious. The database is built from previously detected attack signatures. Nemean, in contrast, automatically generates intrusion signatures, thus making detection faster and more precise.
Though Nemean is an ambitious endeavor, Internet security will continue to evolve as more ways to penetrate and control users’ systems are discovered. “This is an arms race and we’re always one step behind,” Barford said. “We have to cover all the vulnerabilities. The bad guys only have to find one.”
Nemean’s research is supported by the National Science Foundation, the Army Research Office, and the Department of Homeland Security. The technology was developed and tested at the Wisconsin Advanced Internet Laboratory.