Botnets and other large-scale malicious behaviors present a pervasive and evolving threat to cyber security. Stealth botnets and distributed, stealthy cyber attacks present a particular challenge to cyber defense because their malicious behavior is difficult to detect. State-of-the-art and next-generation cyber security algorithms will be capable of detecting and preventing stealthy and distributed cyber attacks. Effectively using these algorithms requires a network security infrastructure capable of collecting network traffic information for a large number of networks over long periods of time, making decisions based on accumulated network traffic information, and implementing new policies on network security hardware. ATC-NY will develop BotMesh, a network sensor infrastructure and framework for cyber security algorithms. The BotMesh architecture manages the collection and storage of filtered network traffic information from a large, distributed collection of network sensors, the application of computationally intensive algorithms to collected data, visualization and decision-making based on the results of these algorithms, and the alteration of network security policies in response to identified threats. With BotMesh, a future algorithm to detect a type of stealthy botnet attack can be rapidly implemented and deployed on an existing network of sensors, quickly detecting, identifying, and defending against hostile stealth botnets and similar threats.
Small Business Information at Submission:
ATC - NY
33 Thornwood Drive, Suite 500 Ithaca, NY -