Home » Story links » Param's story links

BotHunter - Dialog-correlation-based engine

Link: http://www.cyber-ta.org/BotHunter/
Points: 604 views User: Param Comments: 1 Comments Tag:

BotHunter is a novel, dialog-correlation-based engine (patent-pending), which recognizes the communication patterns of malware-infected computers within your network perimeter. BotHunter is a passive traffic monitoring system, which ties together the dialog trail of inbound intrusion alarms with those outbound communication patterns that are highly indicative of successful local host infection.

When a sequence of in and outbound dialog warnings are found to match BotHunter's infection dialog model, a consolidated report is produced to capture all of the relevant events and event sources that played a role during the infection process.


This is a great tool

Submitted by Anonymous on Tue, 2007-08-07 14:10.

This is a great tool and presentation, specially because the bothunter is based on open source tool snort ...

Its a nice way of correlating ids events and detect bots.

Thanks :)

»

Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <h1> <quote> <img>
  • Lines and paragraphs break automatically.

More information about formatting options