Abstract: A botnet is a collection of compromised machines (bots) infected by malicious software (malware) that allows the computers to be controlled remotely by a botmaster through a Command-and-Control (C&C) server to perform automated tasks, such as launching large-scale Distributed Denial of Service (DDoS) attacks on other computers, sending spam, and performing click fraud, extortion, and identity theft. Botnet malware is often designed to run in the background so that users are unaware their systems are infected, and it gives its operator control of many bots at once. This enables botnet operators to use computing and bandwidth resources across many different networks for malicious activities. Botnets with thousands and millions of nodes have been observed in the wild, with newer ones being observed every day. Various techniques are used to infect computers so they become bots, including luring users into downloading malware, exploiting Internet browser vulnerabilities, and tricking users into loading malware. Although botnets pose threats to Internet users and are difficult to eliminate, steps can be taken to reduce their impact and associated risks. To date, techniques to counter botnet-related attacks have predominantly been reactive; they mainly focus on monitoring network traffic, anomaly detection, and cyber-attack traffic patterns. In my talk I will be presenting some of the latest state-of-the-art machine learning-based approaches for botnet detection in academia and in the cyber-security industry by outlining their characteristics, performance, and limitations. I will discuss the challenges of using machine learning for identifying botnet traffic and outline possibilities for the future development of machine learning-based botnet detection systems.
Bio: Gershon Celniker is a Principal Data Scientist / Researcher at Verint in Herzliya, Israel. He attended both the Israel Institute of Technology and the Hebrew University, earning a Bachelor's in Biology (molecular biotechnology track) and a Master's in Bioinformatics and Medicinal Chemistry. He has previously worked at organizations such as Wiser, Tel Aviv University and Mobright.