BotHunter: Detecting malware infection through IDS-driven dialog correlation.

SRI’s BotHunter system takes a unique approach to discerning networked computers that are under the control of hackers or may be spreading malware infections. BotHunter is available for free license. SRI welcomes inquiries about redistributing or incorporating BotHunter into other software.

Instead of just monitoring attempts to break into a secure network, BotHunter examines data exchanges to distinguish a successful local host infection from the myriad attempted intrusions and scans. BotHunter alerts network administrators so that they can identify and disconnect infected computers. BotHunter was developed under a Cyber-Threat Analytics grant from the U.S. Army Research Office.

The system monitors network dialog patterns, correlating them to a model of events that typify malware infection. The application creates a summarized alert when a suspected infection is found, and includes an auto-update service for the latest threats. BotHunter has been shown to be extremely effective in early detection of botnets, in which thousands of computers are eventually compromised to run malicious code, usually for profit. Spyware, spam, viruses, and worms are some of the types of malicious code that are spread by covert botnet infection and countered by the BotHunter diagnostic tool.

The application runs on Unix, Linux, Mac OS, Windows XP, and Vista.

References in zbMATH (referenced in 1 article)

  1. Choi, Jaehoon; Kang, Jaewoo; Lee, Jinseung; Song, Chihwan; Jin, Qingsong; Lee, Sunwon; Uh, Jinsun: Mining botnets and their evolution patterns (2013) ioport