A key challenge today is the proliferation of botnets—networks of infected computers and devices controlled by an attacker.
These botnets can infect public and private computer infrastructure, controlling millions of nodes ranging from large servers to small internet-of-things devices. Attackers can use the infected nodes to launch coordinated cyber-attacks to steal valuable information or disrupt operations. Botnets are difficult to eliminate because they are distributed and span borders and networks.
STR is exploring how to autonomously identify and neutralize botnet implants. We are developing formally verified software agents that can propagate through networks using advanced artificial intelligence planning algorithms. Our agents perform lateral movement within and across networks while managing the risk of undesirable side effects on the host networks. The agents propagate until they reach the infected nodes and then autonomously deploy neutralization effects to cleanse or mitigate the botnet infections. Formal verification ensures that the agents comply with their rules of operation. This research was developed with funding from the Defense Advanced Research Projects Agency (DARPA). The views, opinions, and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.