Botnets can be a serious problem as they maliciously spam people and attack parts of the Internet’s infrastructure. Researchers at Veermata Jijabai Technological Institute (VJTI) in Mumbai, India have developed a method of detecting botnets and individual computers that have been infected.
This defense strategy has two parts, one that exists on individual computers and another that monitors an entire network. The smaller module uses heuristics to identify suspicious programs on the computer. Malware activity can be distinguished from legitimate programs in several ways, including speed, as software can perform operations faster than humans. When a potential bot is detected, the program notifies the network-scale monitor, which analyzes the data being sent to and from that machine to determine if the computer is indeed infected.
This two-step approach should be able to protect against many botnets, including some that have not yet been discovered, thanks to the heuristic monitoring. It also may cut down on the number of false positives current security methods have.