Botnet Analytics Appliance (BNA)

As reported by Internet security threat reports, Bot networks are becoming the focal point for cybercriminals. Milcord and the University of Wisconsin, responds to this challenge with our proposal ¿ a ¿Bayesian Activity Monitor for Botnet Defense¿ (BAM-BD). In this proposal, we will research, design, and develop a botnet detection and mitigation tool that automatically classifies botnet behavior, scans for malicious codes on networks and machines, and recommends solutions to mitigate the attacks to system security analysts and administrators. The successful execution of such a project requires, first, an Internet laboratory that captures the botnet mindset. The Wisconsin Advanced Internet Laboratory (WAIL) provides us exactly that - a top-tier DHS PREDICT (Protected REpository for Defense of Infrastructure against Cyber Threats) laboratory resource. Second, a successful execution requires the ability to distinguish between botnets from worms and misconfigurations. Our Bayesian network based incident analysis technology from our Incident Response Decision Aid (irDA) project solves this issue by starting with University of Wisconsin¿s NetSA body of work. Third, a successful transition to a commercial environment demands an extensible approach where the evolving bot threats are modeled, and classified with ease. Our data driven learning algorithms will ensure that these objectives are met.