BotHunter

The term bot, short for robot, refers to a type of software program that operates as an agent for a user or another program, or that simulates human activity. On the Internet, bots search and catalog specific types of information and content. BotHunter carefully analyzes suspicious bots. Sufficient analysis may lead to methods to block or limit a bot's access to specific sites and information assets. The application is designed to ignore (or identify and manage) spiders or crawlers that work for search engines.

BotHunter focuses on the communications dialog that occurs between internal network nodes and external entities in the form of a series of data exchanges. Suspicious bots typically match a state-based infection sequence model. In its initial implementation, BotHunter uses three malware-focused network packet sensors, each of which specializes in various phases of malware infection, including inbound scanning, exploit usage, egg downloading, outbound bot coordination dialogs and outbound attack propagation.

Researcher Guofei Gu of the Georgia Institute of Technology demonstrated BotHunter at the Usenix Security Symposium in Boston, on August 7, 2007. Working with Wenke Lee from Georgia Tech and Phillip Porras, Vinod Yeneswaran and Martin Fong of the Computer Science Laboratory at SRI International, Gu was the lead author for a paper on BotHunter design, technology and characteristics entitled "BotHunter: Detecting Malware Infection Through IDS-Drive Dialog Correlation."

A prototype of this application based on plug-ins to the Open Source Snort intrusion detection package is available for download.

Read more about BotHunter: - Here's the free download page for BotHunter. - The paper, 'BotHunter: Detecting Malware Infection Through IDS-Drive Dialog Correlation,' is available online. (PDF) - A SearchSecurity.com article announces BotHunter's debut. - The ITU's newsblog covers 'SRI and Georgia Tech’s New BotHunter Tool.'

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Vendors rally to repair dangerous DNS flaw Microsoft, Cisco, ISC BIND and others have issued a coordinated release of patches to correct a DNS error that could lead to DNS cache poisoning. Microsoft issues DNS, SQL Server updates Four security bulletins address a DNS server spoofing vulnerability and a flaw in SQL Server that could allow an elevation of privilege of an... Inside MSRC: Microsoft issues guidance on DNS server update Microsoft's Bill Sisk of the Microsoft Security Response Center said the DNS client and server updates should be applied carefully to avoid imparing...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary trusted computing  (SearchSecurity.com) Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and...