DARPA looks for tech to wipe out botnets, cyberattacks

Research agency wants to develop autonomous software agents that can locate and destroy botnets.

HACCS is divided into three 16-month phases. By the end of Phase III, the various goals include characterizing 80 percent of the IP address space with 95 percent accuracy, find 1,000 n-day botnet vulnerabilities to exploit, demonstrate effectiveness in 10,000 computer-simulated topologies, and finally participate in a Department of Defense exercise.

Botnets are the zombie apocalypse of the Digital Age. Hordes of computers are covertly hacked and hijacked by spies, criminals and spammers, unbeknownst to their owners. Botnets can shut down a Web site by overloading them with traffic, or become a virtual viper's nest of nasty viruses.

DARPA is looking for ways to stop botnets. More specifically, it wants industry to provide software that will automatically stop botnets-- without obtaining the permission of the owners of infected computers.

The problem right now is that current technology does not do a good job of stopping botnets, according to DARPA's presolicitation for Harnessing Autonomy for Countering Cyberadversary Systems (HACCS). Beefing up Department of Defense network security, or responding to incidents as they occur, is too slow, expensive or risks unanticipated side effects on friendly networks.

DARPA's cure for the Botnet Plague is to create "autonomous software agents," virtual minions that will detect the presence of botnets and where they are located, infiltrate their networks and neutralize them. HACCS has three aspects:

  • Accurately identify and fingerprint botnets to determine the presence of botnet implants, how many and what type of devices are being used, and what the software is being used. And, to do so "with sufficient precision to infer the presence of known vulnerabilities."

 

  • Generate "non-disruptive software exploits" to target those vulnerabilities "without affecting legitimate system functionality."
  • Create software agents that can accomplish all this.

 

Interestingly, DARPA notes that "to achieve the necessary scale and timeliness, such a capability must be effective even if the owners of botnet-conscripted networks are unaware of the infection and are not actively participating in the neutralization process."

In other words, DARPA wants software that will automatically penetrate networks and neutralize threats -- without getting permission from the unwitting owners of those networks.

DARPA itself recognizes this is tricky, and perhaps legal and political dynamite. It describes HACCS as taking "an experimental approach to verify the implementation of such autonomous agents and the rules under which they operate, and to measure the effectiveness of denying, degrading, and disrupting botnets and individual botnet implants without affecting the systems and networks on which they reside."