Current methods for measuring the size of botnets are flawed and may be hampering efforts to fight back against the networks of zombie computers, according to a new report from the European Network and Information Security Agency (ENISA).
The agency's 150-page report, “Botnets: Measurement, Detection, Disinfection, and Defence,” released March 7, points out inherent flaws in current methods for measuring the size and scope of botnets, which have been linked to denial of service attacks, spam and malicious programs.
Botnet size measurements are not uniform across the security industry and, beyond that, lack a strong scientific basis. That means conclusions drawn from those measurements are unreliable.
Discussions about botnet metrics also generalize. Modern botnets are constantly evolving and serve varied purposes. Rather than lumping them together, the report advises bot networks be classified according to the threat they pose to “stakeholders” – presumably victims across different verticals.
There are many challenges in classifying the bot threat. Botnet assessment and mitigation involve wading through the differing and sometimes conflicting legal frameworks and establishing information sharing standards across various EU member-states. The inherent slowness of bureaucracy makes it difficult to respond to cyber criminals, who change tactics and technology with lightning quickness.
The report is not all gloom, though. ENISA researchers are optimistic that closer international cooperation between EU governments and technically-oriented legislative bodies, along with the cooperation of stakeholders, can vastly improve efforts to fight botnets and arrest the criminals who operate them.
In order for this to work, mechanisms need to be put in place to ensure confidentiality and promote trustworthiness among different states and organizations, the report argues.