BotHunter

The term bot, short for robot, refers to a type of software program that operates as an agent for a user or another program, or that simulates human activity. On the Internet, bots search and catalog specific types of information and content. BotHunter carefully analyzes suspicious bots. Sufficient analysis may lead to methods to block or limit a bot's access to specific sites and information assets. The application is designed to ignore (or identify and manage) spiders or crawlers that work for search engines.

BotHunter focuses on the communications dialog that occurs between internal network nodes and external entities in the form of a series of data exchanges. Suspicious bots typically match a state-based infection sequence model. In its initial implementation, BotHunter uses three malware-focused network packet sensors, each of which specializes in various phases of malware infection, including inbound scanning, exploit usage, egg downloading, outbound bot coordination dialogs and outbound attack propagation.

Researcher Guofei Gu of the Georgia Institute of Technology demonstrated BotHunter at the Usenix Security Symposium in Boston, on August 7, 2007. Working with Wenke Lee from Georgia Tech and Phillip Porras, Vinod Yeneswaran and Martin Fong of the Computer Science Laboratory at SRI International, Gu was the lead author for a paper on BotHunter design, technology and characteristics entitled "BotHunter: Detecting Malware Infection Through IDS-Drive Dialog Correlation."

A prototype of this application based on plug-ins to the Open Source Snort intrusion detection package is available for download.

Learn more about Windows Security: Alerts, Updates and Best Practices

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - Here's the free download page for BotHunter. - The paper, 'BotHunter: Detecting Malware Infection Through IDS-Drive Dialog Correlation,' is available online. (PDF) - A SearchSecurity.com article announces BotHunter's debut. - The ITU's newsblog covers 'SRI and Georgia Tech’s New BotHunter Tool.'

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT Microsoft to address flaws in Windows, Office for Mac Vulnerabilities affecting Windows and Microsoft Office will be updated next week, according to the software giant's advance notification. Microsoft fixes security update that breaks Internet Explorer An update released Monday corrects two issues that affect the proper display of Web pages. What is the best database patch management process? Michael Cobb reviews how to handle database patches in the enterprise.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary principle of least privilege (POLP)  (SearchSecurity.com) The principle of least privilege (POLP) is the practice of limiting access to the minimal level that will allow normal functioning. Applied to... security identifier  (SearchSecurity.com)