DARPA Wants to Find Botnets Before They Attack

The military’s research branch is investing in systems that automatically locate and dismantle botnets before hackers use them to cripple websites, companies or even entire countries.

The Defense Advanced Research Projects Agency on Aug. 30 awarded a $1.2 million contract to cybersecurity firm Packet Forensics to develop novel ways to locate and identify these hidden online armies. The award comes as part of the agency’s Harnessing Autonomy for Countering Cyber-adversary Systems program, a DARPA spokesperson told Nextgov.

To build botnets, hackers infect internet-connected devices with malware that allows them to execute orders from a remote server. Because the virus sits dormant most of the time, the owners of infected devices rarely know their computer, smartphone or toaster has been compromised.

Through the HACCS program, DARPA aims to build a system that can automatically pinpoint botnet-infected devices and disable their malware without their owners ever knowing.

Launched in 2017, the program is investing in three main technologies: systems that uncover and fingerprint botnets across the internet, tools that upload software to infected devices through known security gaps, and software that disables botnet malware once it’s uploaded. Packet Forensics’ technology falls under that first category, the DARPA spokesperson said.

Eventually DARPA plans to integrate each of those technologies into a single system that can spot, raid and neutralize botnet-infected devices without any human involvement. Because the tool would only target botnet malware, people could continue using the devices just as they had before, the agency said in the program announcement.

During phase one of the three-part project, Packet Forensics will build a technology capable of scanning some five percent of global IP addresses and detecting botnets with 80 percent accuracy. By the end of the program, DARPA anticipates the system to analyze 80 percent of the global internet and correctly spot botnets 95 percent of the time.

The effort is scheduled to last to four years, with the first phase running 16 months. Later phases include additional funding.