Inline Botnet Extraction and Prevention
Phase I of this project researches a new approach for collecting a higher degree of relevant bot executables by exploiting a weakness in the infection vector and by utilizing an inline device that both protects systems and captures the bot as it attempts to infect. Most recent botnet research relies on honeynets to collect bots. Reliance on a single collection mechanism, such as honeypots, creates a weakness: attackers can determine which targets to avoid. Also, the effectiveness of dark-space honeypots in an IPv6-type Internet is unknown. Endeavor proposes a technique that collects and prevents bot malware while infection is attempted against systems, bypassing the dependency on honeypots. Proving the feasibility of extraction in the infection vector in Phase I lays the foundation for developing the inline botnet extraction and prevention system in Phase II. Endeavor has created and operates a commercial decoy sensor grid, FirstLight, which collects and analyzes botnets. We propose leveraging FirstLight, including an inline IPS, for the proposed research in order to reduce time-to-deployment. The research results will be packaged as a part of our FirstLight commercial offering.
Small Business Information at Submission:
Endeavor Systems, Inc.
1420 Spring Hill Road, Suite 600, McLean, VA 22102
Number of Employees: