Network Security News

Botnets, huge clusters of computers controlled to perform certain actions invisibly for their end-users, are the source of significant danger. Simply speaking, modern botnets are capable of removing literally any given site, network service and so on. To understand the exact impact of botnets, they should be modeled. Internet Evolution in Botnet Project Could Yield Internet Secrets depicts one of approaches.

The story goes on: small group of researchers at Sandia National Laboratories is using Wine and Thunderbird in an effort to better understand how botnets work. (Is that like using a pie pan with beer in it to kill garden slugs?)

Of course, the Thunderbird they're referring to is a Dell supercomputer; and their Wine is an open-source Windows emulator. The researchers have recently run 1 million Linux kernels and plan to eventually create a virtual Internet where they can watch a botnet spread and operate as if in the wild. They can then study it in hopes of gleaning useful information to help them recognize and combat botnets.

Each node can run an instance of the Wine Windows emulator, and each emulator can run an Internet browser. In this way, a mini-Internet can be created to study how botnets work from a completely new perspective.

The project has been two years in the making and is funded by a variety of sources, including the U.S. Department of Energy, the National Nuclear Security Administration, and Sandia itself. The scientists are also collaborating with researchers involved in DARPA's National Cyber Range project, which focuses more on cyberwarfare. The writing is definitely on the wall.

Simulations of this scale are of particular interest to anyone trying to understand cause and effect in complex systems. In the past, these types of clustered supercomputers have been used for everything from weather simulations to creating difficult movie special effects such as waves in water.

The supercomputer of this scale can emulate an entire modern botnet, with its 'cells' unaware they are living in an emulated environment. The problem is a real-life botnet is an opaque entity, the behavior of which can't be efficiently predicted. It can be viewed as an organism, reacting in a complex way to a given input.

Even though the exact source of problems, human beings, don't simply care about what is going on their computers, solving this problem can't succeed without prior studying of this phenomenon. Even the simplest network activity monitoring on every single 'cell' could detect the 'invader' and make it easier to remove the infection.

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.