A recent issue of IEEE Security & Privacy has an interesting paper on a topic I don’t think about too much: botnet defense. Why don’t I think about it?
In “Economics of Fighting Botnets: Lessons from a Decade of Mitigation“, Hadi Asghari, Michel J.G. van Eeten, and Johannes M. Bauer tell us:
“The rise and persistence of botnets reflect changes in the underlying economics of both attackers and defenders—for instance, end users don’t bear the full cost of infections.” p.16
“This reduces the odds that owners will discover the infection and, more important, undermines their incentive to better secure their machines, “ p. 17
This research group from Delft has been conducting careful analysis of the Internet, to estimate the prevalence of botnet activity worldwide. They offer a bit of a calm, informed view to balance the heated rhetoric of the companies peddling security “solutions”.
A key focus of their work is the behavior of ISPs, who increasingly are called upon to mitigate botnets. It is interesting to read their methodology, which uses several methods to identify infected machines and their ISPs.
They find that, across all ISPs infections are generally proportional to the number of subscribers—indicating a fairly uniform vulnerability. But there are huge differences between some ISPs, even within the same market and regulatory environment. This indicates that ISPs can certainly make a difference.
They also give an interesting analysis of various factors that seem to influence the rate of infections, including regulatory policies, costs, and prevalence of unlicensed software. Overall, aggressive policies may help, but do not necessarily move all ISPs to the same effect. “focusing on the ICT infrastructure’s general health might be the most effective way to reduce the societal burden of botnets.” P. 23
This paper is well worth the time to read. (Your library can help you get a copy.)
By the way, they assure us that “The botnet battle hasn’t been lost. Infection rates been be relatively stable for several years.” p 22
- Hadi Asghari, Michel J. G. van Eeten, and Johannes M. Bauer, Economics of Fighting Botnets: Lessons from a Decade of Mitigation. Security & Privacy, IEEE, 13 (5):16-23, 2015.