Prototype software sniffs out, disrupts botnets
Researchers this week detailed a prototype system to identify and eradicate botnets in the wild.
Georgia Tech’s BotSniffer uses network-based anomaly detection to identify botnet command-and-control (C&C) channels in a local area network without any prior knowledge of signatures or server addresses, the researchers said. The goal is ultimately to detect and disrupt botnet-infected hosts in the network.
The researchers said their prototype, presented at the Internet Society’s Network and Distributed System Security Symposium this week, is based on the observation that botnets engage in coordinated communication, propagation, attack and fraudulent activity. BotSniffer captures network command-and-control traffic and applies statistical algorithms to detect the botnet behind it. The researchers also said they built the BotSniffer detectors as plug-ins on top of the popular open source Snort intrusion detection system, but that BotSniffer is independent of Snort and is not included in the Snort distribution.
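To make the "coordinated communication" idea concrete, here is a small crowd-density check run over constructed flow records. It is an added example written for this page, not BotSniffer's code or algorithm: the log format, the 3-second window, the half-the-clients density threshold and the size-homogeneity cutoff are all assumptions chosen for illustration. The point it shows is the one the article makes: several hosts that answer the same server at nearly the same moment with nearly the same message look like bots responding to one command, and that can be spotted without a signature or a known server address.

```python
"""Illustrative crowd-density check for coordinated C&C traffic.

Added example, not BotSniffer's code. Hosts in one botnet channel answer
the same command at nearly the same time with nearly the same message, so
a channel whose clients act in lockstep is suspicious even with no
signature and no known server address. Thresholds and the log format are
assumptions made for this illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: "epoch_seconds,src_ip,dst_ip,dst_port,bytes_out".
# Channel 10.0.0.5:6667 is three hosts replying in lockstep twice;
# channel 10.0.0.9:80 is ordinary browsing with scattered timing and sizes.
SAMPLE_FLOWS = """\
1000,192.168.1.10,10.0.0.5,6667,61
1000,192.168.1.11,10.0.0.5,6667,63
1001,192.168.1.12,10.0.0.5,6667,60
1030,192.168.1.10,10.0.0.5,6667,118
1031,192.168.1.11,10.0.0.5,6667,120
1031,192.168.1.12,10.0.0.5,6667,119
1000,192.168.1.20,10.0.0.9,80,412
1007,192.168.1.21,10.0.0.9,80,1510
1019,192.168.1.22,10.0.0.9,80,230
1033,192.168.1.20,10.0.0.9,80,980
1041,192.168.1.23,10.0.0.9,80,77
"""


def parse_flows(text):
    """Parse the constructed CSV format into (ts, src, channel, size) tuples,
    where channel is the (dst_ip, dst_port) pair the client talked to."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, size = line.split(",")
        flows.append((int(ts), src, (dst, int(dport)), int(size)))
    return flows


def find_crowds(flows, window=3, min_clients=3, density=0.5, max_cv=0.1):
    """Return {channel: (window_start, crowd_size)} for channels whose
    clients respond in lockstep.

    For each channel and each message time t, look at the messages in
    [t, t + window). The window is a "crowd" when at least `min_clients`
    distinct clients take part, they make up at least `density` of all
    clients ever seen on the channel, and the message sizes are homogeneous
    (coefficient of variation <= max_cv). The first crowd found per channel
    is reported; a real detector would accumulate such evidence over rounds.
    """
    by_channel = defaultdict(list)
    for ts, src, chan, size in flows:
        by_channel[chan].append((ts, src, size))

    suspicious = {}
    for chan, msgs in by_channel.items():
        msgs.sort()
        all_clients = {src for _, src, _ in msgs}
        for i, (t0, _, _) in enumerate(msgs):
            inwin = [m for m in msgs[i:] if m[0] < t0 + window]
            clients = {src for _, src, _ in inwin}
            if len(clients) < min_clients:
                continue
            if len(clients) / len(all_clients) < density:
                continue
            sizes = [s for _, _, s in inwin]
            cv = pstdev(sizes) / mean(sizes)  # spread relative to mean size
            if cv <= max_cv:
                suspicious[chan] = (t0, len(clients))
                break
    return suspicious


if __name__ == "__main__":
    for (dst, port), (t0, n) in find_crowds(parse_flows(SAMPLE_FLOWS)).items():
        print(f"suspicious channel {dst}:{port}: {n} clients in lockstep at t={t0}")
```

On the constructed input only the 10.0.0.5:6667 channel is reported, from the burst at t=1000. A single lockstep window is weak evidence on its own: a software update or a popular page can produce the same pattern for one round, which is why a statistical detector of this kind needs to see the behaviour repeat across several command rounds before raising an alert, and why the example above should be read as the per-round building block rather than a complete detector.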
Source: Network World


