Botnet Analytics Appliance (BNA)

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: NBCHC070126
Agency Tracking Number: 615002
Amount: $800,000.00
Phase: Phase II
Program: STTR
Solicitation Topic Code: H-SB06.1-008
Solicitation Number: N/A
Timeline
Solicitation Year: 2006
Award Year: 2007
Award Start Date (Proposal Award Date): 2007-09-20
Award End Date (Contract End Date): 2010-09-30
Small Business Information
1050 Winter Street Suite 1000
Waltham, MA 02451
United States
DUNS: N/A
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Alper Caglayan
 Principal Scientist
 (781) 839-7138
 acaglayan@milcord.com
Business Contact
 Alper Caglayan
Title: President
Phone: (781) 839-7138
Email: acaglayan@milcord.com
Research Institution
 Sandia National Laboratories
 Kevin Robbins
 
PO Box 5800 / MS 1368
Albuquerque, NM 87185 1368
United States

 (505) 844-0747
 Federally funded R&D center (FFRDC)
Abstract

Recent reports indicate the activity of more than 6,000 botnet command-and-control (C&C) servers. 70 million zombies are responsible for 80 percent of spam. Given the exponential growth of the botnet threat, the security of our nation's cyber infrastructure demands automated botnet activity monitoring solutions.

In Phase I, Milcord developed a feasibility prototype of a Bayesian Activity Monitor for Botnet Defense. We developed: indicators for measuring botnet behavior, mechanisms for capturing and analyzing packet content to detect bot commands, blacklist interfaces, and a set of Belief Networks that fuse network indicators, DNS data, and bot commands in order to detect and classify botnet behavior. Our results have in general shown the feasibility of learning and predicting botnet behavior at the network level, and blacklist membership in DNS queries.

In Phase II, we propose to develop a full-scale prototype of a Botnet Analytics Appliance, BNA, that leverages botnet intelligence contextual knowledge and integrates with Security Event Management platforms, and to transition this technology to commercial use. The development of our Phase II prototype will not only leverage contextual knowledge obtained from real-time aggregated botnet intelligence data and cybersecurity infrastructures but also contribute to the botnet community knowledge base, enhancing the DHS cyber security mission.

* Information listed above is at the time of submission. *
