BotHunter

BotHunter is a type of bot application that looks for other bots by tracking two-way communication flows between active software inside a private network and external entities. BotHunter's main purpose is to identify known or suspected malign external entities and to blunt the threats that bot infections can pose.

The term bot, short for robot, refers to a type of software program that operates as an agent for a user or another program, or that simulates human activity. On the Internet, bots search and catalog specific types of information and content. BotHunter carefully analyzes suspicious bots. Sufficient analysis may lead to methods to block or limit a bot's access to specific sites and information assets. The application is designed to ignore (or identify and manage) spiders or crawlers that work for search engines.

BotHunter focuses on the communications dialog that occurs between internal network nodes and external entities in the form of a series of data exchanges. Suspicious bots typically match a state-based infection sequence model. In its initial implementation, BotHunter uses three malware-focused network packet sensors, each of which specializes in various phases of malware infection, including inbound scanning, exploit usage, egg downloading, outbound bot coordination dialogs and outbound attack propagation.
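The dialog correlation described above, as an added Python example (not BotHunter's code). It groups sensor alerts by internal host and flags a host only when several phases of the infection sequence appear together. The alert tuple format, the 300-second window, the declaration rule and the sample alerts are assumptions constructed for this illustration.

```python
from collections import defaultdict

# The five phases named in the text, in infection-sequence order.
PHASES = ("inbound_scan", "exploit", "egg_download", "c2_dialog", "outbound_attack")
# Phases where the internal host itself reaches outward (assumed grouping).
HOST_INITIATED = {"egg_download", "c2_dialog", "outbound_attack"}
WINDOW = 300  # seconds; assumed correlation window

def meets_rule(seen):
    """Assumed rule: exploit plus any host-initiated phase, or two such phases."""
    outward = seen & HOST_INITIATED
    return bool(("exploit" in seen and outward) or len(outward) >= 2)

def correlate(alerts, window=WINDOW):
    """alerts: iterable of (timestamp, internal_host, external_peer, phase).
    Returns {internal_host: [phases]} for hosts whose dialog meets the rule."""
    per_host = defaultdict(list)
    for ts, host, peer, phase in sorted(alerts):
        if phase not in PHASES:
            raise ValueError(f"unknown phase: {phase}")
        per_host[host].append((ts, phase))
    flagged = {}
    for host, events in per_host.items():
        start = 0
        for end in range(len(events)):
            # Slide the window so only recent evidence is correlated.
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {phase for _, phase in events[start:end + 1]}
            # Keep the richest evidence set that satisfies the rule.
            if meets_rule(seen) and len(seen) > len(flagged.get(host, ())):
                flagged[host] = [p for p in PHASES if p in seen]
    return flagged

# Constructed sample alerts (documentation address ranges, not real traffic).
SAMPLE_ALERTS = [
    (0, "10.0.0.5", "203.0.113.7", "inbound_scan"),
    (10, "10.0.0.5", "203.0.113.7", "exploit"),
    (40, "10.0.0.5", "198.51.100.20", "egg_download"),
    (90, "10.0.0.5", "198.51.100.30", "c2_dialog"),
    (5, "10.0.0.9", "203.0.113.7", "inbound_scan"),   # scan only: background noise
    (60, "10.0.0.9", "203.0.113.8", "inbound_scan"),
    (0, "10.0.0.7", "203.0.113.7", "exploit"),        # exploit alert, then ...
    (1000, "10.0.0.7", "198.51.100.30", "c2_dialog"), # ... follow-up outside window
]

if __name__ == "__main__":
    for host, phases in correlate(SAMPLE_ALERTS).items():
        print(host, "->", ", ".join(phases))
```

Only 10.0.0.5 is reported: a host that is merely scanned, or whose alerts are too far apart to form one dialog, does not match the sequence model.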

Researcher Guofei Gu of the Georgia Institute of Technology demonstrated BotHunter at the Usenix Security Symposium in Boston, on August 7, 2007. Working with Wenke Lee from Georgia Tech and Phillip Porras, Vinod Yegneswaran and Martin Fong of the Computer Science Laboratory at SRI International, Gu was the lead author of a paper on BotHunter's design, technology and characteristics entitled "BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation."

A prototype of this application based on plug-ins to the Open Source Snort intrusion detection package is available for download.

This was first published in August 2007
