MIT Technology Review
Kill the Bots!
Software thwarts malicious hackers

Context: The malicious computer programs known as “worms” infect more than 30,000 new computers every day. Unbeknownst to their owners, the compromised machines follow orders to send spam, say, or to access particular websites. If enough of these so-called zombie machines simultaneously contact a particular Web server, they can knock it out of commission. Professional hackers have used the threat of such “distributed denial-of-service attacks” to extort money from businesses. Last year, one company’s business manager was indicted for paying hackers to use zombies to take down competitors’ websites. The zombies dodge a Web server’s defenses by disguising themselves as legitimate users and then block access to the server by overloading not only its network bandwidth, but also its CPU, memory, disk space, and database resources. Now, led by Dina Katabi, researchers from MIT, Princeton University, and Akamai Technologies have developed Kill-Bots, a clever, simple, and cheap means of distinguishing friend from foe. Unlike other products, it allocates a server’s system resources only after a user is confirmed as legitimate.

Methods and Results: Kill-Bots, a software modification to a server’s operating system, kicks in whenever a website is in danger of being overwhelmed by traffic. The software asks requesters to solve a simple graphical puzzle before it grants access to server resources like buffer space. Humans can solve these puzzles easily; zombies cannot do so at all. Addresses that repeatedly request site access without solving the puzzle are blacklisted automatically. When the load on the Web server decreases, it stops issuing puzzles and accepts requests from nonblacklisted addresses, so even real users who did not solve the puzzle can gain access.
In experiments, a Kill-Bots-protected Web server successfully endured five times as many hits as an unprotected Web server. Not only did the Web server stay online, but protected websites also maintained speedy response times, even during the height of the attack.
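
The admission logic described above can be modeled in a few lines. This is an added example, not code from Kill-Bots or its authors: the class and function names, the load thresholds, the limit on unanswered puzzles, and the request trace are all assumptions made for illustration.

```python
from collections import defaultdict

class PuzzleGate:
    """Simplified model of the admission logic described in the article."""

    def __init__(self, load_on=0.8, load_off=0.5, max_unsolved=3):
        # All three thresholds are assumed values chosen for illustration.
        self.load_on = load_on
        self.load_off = load_off
        self.max_unsolved = max_unsolved
        self.puzzle_mode = False
        self.unsolved = defaultdict(int)   # address -> requests made without an answer
        self.blacklist = set()             # no expiry is modeled here

    def handle(self, addr, load, solved=False):
        # Enter puzzle mode near overload; leave it once the load has dropped.
        if load >= self.load_on:
            self.puzzle_mode = True
        elif load <= self.load_off:
            self.puzzle_mode = False
        if addr in self.blacklist:
            return "drop"
        if not self.puzzle_mode:
            return "serve"                 # normal operation, no puzzle required
        if solved:
            self.unsolved[addr] = 0
            return "serve"                 # resources are committed only now
        self.unsolved[addr] += 1
        if self.unsolved[addr] > self.max_unsolved:
            self.blacklist.add(addr)       # keeps asking, never answers
            return "drop"
        return "puzzle"                    # cheap reply, nothing allocated yet

# Constructed trace: (source address, server load 0..1, puzzle solved?)
TRACE = (
    [("198.51.100.7", 0.3, False)]                                  # quiet period
    + [("192.0.2.66", 0.9, False)] * 4                              # zombie: never solves
    + [("198.51.100.7", 0.9, False), ("198.51.100.7", 0.9, True)]   # human solves
    + [("203.0.113.5", 0.9, False), ("203.0.113.5", 0.4, False)]    # human waits it out
    + [("192.0.2.66", 0.4, False)]                                  # zombie after the attack
)

def simulate(trace):
    gate = PuzzleGate()
    decisions = [gate.handle(addr, load, solved) for addr, load, solved in trace]
    return decisions, gate.blacklist

if __name__ == "__main__":
    for row, decision in zip(TRACE, simulate(TRACE)[0]):
        print(row, "->", decision)
```

In the trace, the user who never solved a puzzle is served once the load falls, while the blacklisted address stays blocked.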

Why it Matters: Worries over distributed denial-of-service attacks are spreading. Most Web server defenses use authentication procedures that are easily outwitted and depend on replicated content, multiple CPUs, and extra bandwidth, all of which cost money. Kill-Bots is much cheaper and can be easily deployed; it requires no changes in users’ Web browsers and works with the very large number of Web servers running Linux. Although Kill-Bots occasionally misclassifies legitimate users as zombies, it allows websites under attack to remain available and so promises to keep the Web open for business, while barring the way for thieves and vandals.

Source: Kandula, S., et al. 2005. Botz-4-Sale: surviving organized DDoS attacks that mimic flash crowds. Paper presented at 2nd Symposium on Networked Systems Design and Implementation. May 2–4. Boston, MA.
