BotHunter

The term bot, short for robot, refers to a type of software program that operates as an agent for a user or another program, or that simulates human activity. On the Internet, bots search and catalog specific types of information and content. BotHunter carefully analyzes suspicious bots. Sufficient analysis may lead to methods to block or limit a bot's access to specific sites and information assets. The application is designed to ignore (or identify and manage) spiders or crawlers that work for search engines.

BotHunter focuses on the communications dialog that occurs between internal network nodes and external entities in the form of a series of data exchanges. Suspicious bots typically match a state-based infection sequence model. In its initial implementation, BotHunter uses three malware-focused network packet sensors, each of which specializes in various phases of malware infection, including inbound scanning, exploit usage, egg downloading, outbound bot coordination dialogs and outbound attack propagation.

Researcher Guofei Gu of the Georgia Institute of Technology demonstrated BotHunter at the Usenix Security Symposium in Boston, on August 7, 2007. Working with Wenke Lee from Georgia Tech and Phillip Porras, Vinod Yeneswaran and Martin Fong of the Computer Science Laboratory at SRI International, Gu was the lead author for a paper on BotHunter design, technology and characteristics entitled "BotHunter: Detecting Malware Infection Through IDS-Drive Dialog Correlation."

A prototype of this application based on plug-ins to the Open Source Snort intrusion detection package is available for download.

Read more about BotHunter: - Here's the free download page for BotHunter. - The paper, 'BotHunter: Detecting Malware Infection Through IDS-Drive Dialog Correlation,' is available online. (PDF) - A SearchSecurity.com article announces BotHunter's debut. - The ITU's newsblog covers 'SRI and Georgia Tech’s New BotHunter Tool.'

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Application and Platform Security,   Windows Security: Alerts, Updates and Best Practices,   Operating System Security,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT When BIOS updates become malware attacks Information security threats expert Sherri Davidoff explains how attackers can plant BIOS malware and how security pros can thwart such attacks. Microsoft patches WebDAV security vulnerability in bevy of updates Zero-day flaws in Microsoft Internet Information Services (IIS) Web server and Internet Explorer were among 31 vulnerabilities repaired Tuesday. Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities The software giant plans to issue six critical bulletins repairing flaws in Internet Explorer, Word, Excel and Office.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary principle of least privilege (POLP)  (SearchSecurity.com) The principle of least privilege (POLP) is the practice of limiting access to the minimal level that will allow normal functioning. Applied to... security identifier  (SearchSecurity.com)