Malicious actors are increasingly leveraging botnet infrastructures to launch attacks on organizations, such as Distributed Denial of Service (DDoS) attacks and malware distribution. The consequences can be devastating, and, with the rise of the Internet of Things (IoT), IoT devices have the potential to affect or be affected by millions of systems worldwide.
The Mirai botnet, for example, was used to conduct what was, at the time, the largest DDoS attack ever – a flood of communications designed to make the target system unusable. Attackers used Mirai to harness hundreds of thousands of compromised IoT devices from consumer and corporate environments to disrupt the operations of other devices and networks. We developed a new technology that makes it possible to mitigate such large-scale attacks.
Flow data analysis
This technology is based on large-scale network analytics to detect attacks launched from botnet infrastructures and proactively defend businesses against them. The new network flow data analysis uses machine learning and scalable streaming analytics and pulls data from NTT’s global network infrastructure, which provides visibility into approximately 40% of global internet traffic.
The enhancement will enable us to find attacks on customers’ internet-connected devices in real time and help affected organizations react more quickly, minimizing interruption to the business. Machine learning is used primarily to detect Command & Control (C&C) servers, which are added to our blacklist. The blacklist is then accessed by experts to analyse the threat in detail and is applied to detect attacks. Using this technology, we are even able to predict new upcoming Command & Control nodes.
With access to our internet backbone traffic from around the world and experience in using machine learning as part of a layered approach to cybersecurity, we are ideally positioned to offer botnet infrastructure detection. The new technology is a major benefit to businesses that look for real-time and proactive protection against the growing onslaught of cyber crime.
With machine learning, we can see behind attacks, add context and identify if these attacks are random or targeted. Our technology not only provides visibility into the customer perimeter, but also far beyond it. It is the world’s first commercial application of the latest machine learning techniques to internet backbone traffic for the purpose of botnet infrastructure detection. Botnet detection is especially important as the number of IoT devices is rapidly expanding and posing new and unique security challenges to businesses around the world.