BotHunter


Post by Safan on 24th August 2009, 6:21 pm

BotHunter is an application designed to track the two-way communication flows between internal assets and external entities, developing an evidence trail of data exchanges that match a state-based infection sequence model. BotHunter consists of a correlation engine that is driven by a customized and augmented release of Snort version 2, which tracks the underlying actions that occur during the malware infection process: inbound scanning, exploit usage, egg downloading, outbound bot coordination dialog, outbound attack propagation, and malware P2P communication. The BotHunter correlator then ties together the dialog trail of inbound intrusion alarms with those outbound communication patterns that are highly indicative of successful local host infection. When a sequence of evidence is found to match BotHunter's infection dialog model, a consolidated report is produced to capture all the relevant events and event sources that played a role during the infection process. We refer to this analytical strategy of matching the dialog flows between internal assets and the broader Internet as dialog-based correlation (patent pending).

BotHunter is available free for both experimental operational use and to help stimulate research in understanding the life cycle of malware infections.

Download: http://www.bothunter.net/

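The dialog-based correlation described in the post, as an added example that is not part of the original post and is not BotHunter's own code: alerts are grouped per internal host and a consolidated report is produced when inbound alarms and outbound dialog fall within one time window. The stage labels, the 300-second window, the reporting rule and the sample alerts are assumptions made for illustration.

```python
from collections import defaultdict

# Stage names follow the infection actions listed in the post.
INBOUND = {"inbound_scan", "exploit"}
OUTBOUND = {"egg_download", "c2_dialog", "outbound_attack", "p2p"}
WINDOW = 300  # seconds; assumed correlation window, not a BotHunter setting

# Constructed sample alerts: (epoch_seconds, internal_host, external_peer, stage)
SAMPLE_ALERTS = [
    (1000, "10.0.0.5", "203.0.113.7", "inbound_scan"),
    (1012, "10.0.0.5", "203.0.113.7", "exploit"),
    (1020, "10.0.0.5", "198.51.100.9", "egg_download"),
    (1095, "10.0.0.5", "198.51.100.20", "c2_dialog"),
    (1030, "10.0.0.8", "203.0.113.7", "inbound_scan"),   # scanned only, no outbound evidence
    (1100, "10.0.0.9", "203.0.113.7", "exploit"),
    (2000, "10.0.0.9", "198.51.100.9", "egg_download"),  # too late to join the exploit's window
]

def correlate(alerts, window=WINDOW):
    """Return {host: report} for hosts whose dialog trail matches the toy model."""
    by_host = defaultdict(list)
    for alert in sorted(alerts):
        by_host[alert[1]].append(alert)
    reports = {}
    for host, trail in by_host.items():
        for i, first in enumerate(trail):
            # Evidence that falls inside one window starting at this alert.
            span = [a for a in trail[i:] if a[0] - first[0] <= window]
            stages = {a[3] for a in span}
            inbound, outbound = stages & INBOUND, stages & OUTBOUND
            # Assumed rule: inbound alarm plus outbound dialog, or two kinds of outbound dialog.
            if (inbound and outbound) or len(outbound) >= 2:
                reports[host] = {
                    "stages": sorted(stages),
                    "peers": sorted({a[2] for a in span}),
                    "start": span[0][0], "end": span[-1][0],
                }
                break
    return reports

if __name__ == "__main__":
    for host, report in correlate(SAMPLE_ALERTS).items():
        print(host, report)
```

A host that was only scanned, or whose outbound activity arrives long after the inbound alarm, produces no report, which is the point of correlating the dialog rather than alerting on single events.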
