Not-a-Bot (NAB): Improving Service Availability in the Face of Botnet Attacks

Gummadi, Ramakrishna; Balakrishnan, Hari; Maniatis, Petros; Ratnasamy, Sylvia

Author(s)

Gummadi, Ramakrishna; Balakrishnan, Hari; Maniatis, Petros; Ratnasamy, Sylvia

DownloadBalakrishnan-Not-a-Bot.pdf (380.8Kb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike 3.0 http://creativecommons.org/licenses/by-nc-sa/3.0/

Metadata

Show full item record

Abstract

A large fraction of email spam, distributed denial-of-service (DDoS) attacks, and click-fraud on web advertisements are caused by traffic sent from compromised machines that form botnets. This paper posits that by identifying human-generated traffic as such, one can service it with improved reliability or higher priority, mitigating the effects of botnet attacks. The key challenge is to identify human-generated traffic in the absence of strong unique identities. We develop NAB (``Not-A-Bot''), a system to approximately identify and certify human-generated activity. NAB uses a small trusted software component called an attester, which runs on the client machine with an untrusted OS and applications. The attester tags each request with an attestation if the request is made within a small amount of time of legitimate keyboard or mouse activity. The remote entity serving the request sends the request and attestation to a verifier, which checks the attestation and implements an application-specific policy for attested requests. Our implementation of the attester is within the Xen hypervisor. By analyzing traces of keyboard and mouse activity from 328 users at Intel, together with adversarial traces of spam, DDoS, and click-fraud activity, we estimate that NAB reduces the amount of spam that currently passes through a tuned spam filter by more than 92%, while not flagging any legitimate email as spam. NAB delivers similar benefits to legitimate requests under DDoS and click-fraud attacks.

Date issued

2009-04

URI

http://hdl.handle.net/1721.1/73143

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation, NSDI ’09

Publisher

USENIX Association

Citation

Gummadi, Ramakrishna et al. "Not-a-Bot (NAB): Improving Service Availability in the Face of Botnet Attacks." Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation, NSDI ’09. April 22-24, 2009, Boston, Mass. p. 307-320. http://static.usenix.org/events/nsdi09/tech/

Version: Author's final manuscript

Collections

MIT Open Access Articles

DSpace@MIT