Networks of hostile software robots (botnets) used to carry out major cyber attacks all over the world have been identified for the first time

A study was carried out at the Deutsche Telekom laboratories in Be'er Sheva in collaboration with Ben-Gurion University of the Negev:

29 CyberTech Conference 2016: In a ground-breaking study on pattern recognition with the help of artificial intelligence, which was based on the history of cyber attacks from the past, a unique technology was developed, through which, for the first time, important, surprising and valuable findings were discovered, which have far-reaching consequences in the international arena.

'Bots' are programs that are installed on users' computers or servers without the user's knowledge, when these programs wait and 'incubate' silently for a command from their operator to do their thing. Such botnets are used for a wide variety of purposes, from sending spam in huge quantities to attacks that disrupt the service of websites and other targeted attacks.

Until now, it has been very difficult to impossible to systematically identify 'bot' networks, operated by a single operator, because bots by their nature are installed in different places and activated at different times, so that their offensive activity cannot be tracked. Identifying the bot networks may significantly help law enforcement authorities in trying to disable these networks, and of course help security managers around the world in their attempt to understand the source of the attack.

The purpose of the study was to identify unique and suspicious patterns in this database, in order to learn about the behavior of attackers and generate significant insights in terms of security. These findings will soon be presented to the relevant parties around the world - the intelligence agencies, law enforcement organizations and security managers, in order to help them understand the source of the attacks and how to fight against them. The research, the findings of which were revealed at the Cybertech 2016 conference taking place this week at the Tel Aviv Exhibition Grounds, was carried out in Deutsche Telecom's research laboratories in collaboration with researchers from the Department of Information Systems Engineering at Ben-Gurion University, led by Prof. Bracha Shapira, and Prof. Lior Rokah, in which a team of researchers received a database of history Attacks on a network of honeypots managed by Deutsche Telekom.

"In this project," said Ariel Bar, a leading researcher in the team, "we applied a number of unique and advanced algorithms from the field of machine learning in order to reach the important results we reached." Indeed, with the help of these analysis methods, the team reached a number of important insights, the most important of which is the identification of active and large 'bot' networks, which pose a risk on a daily level to many entities in the world.

Dodo Mimran, the technology director of Deutsche Telekom Laboratories, said: "The other results of the study are no less interesting. For example, the ability to identify whether an attack came from a real human or a robot and the ability to predict future attacks. This is the first time that such a comprehensive study has been done, with unique results of course.'

It should be noted that in 2014 the AP agency. Me. Ei, in cooperation with private sector entities and law enforcement authorities around the world, succeeded in disrupting a network of Russian 'bots' whose purpose was to steal money from private citizens all over the world. With this method, they managed to steal over 100 million dollars, until the app. Me. an island. managed to disconnect the networks and clean these 'bots'.
Deutsche Telecom Israel Laboratories is managed by Prof. Yuval Elovitz from Ben-Gurion University and has been dealing for over a decade in the most complex fields in the world of cyber, big data, artificial intelligence and everything in between.