Inline Botnet Extraction and Prevention
Small Business Information
1420 Spring Hill Road, Suite 600, Mclean, VA, 22102
Abstract

Phase I of this project researches a new approach for collecting a higher proportion of relevant bot executables by exploiting a weakness in the infection vector itself: an inline device that both protects systems and captures the bot executable as it attempts to infect them. Most recent botnet research relies on honeynets to collect bots. Reliance on a single collection mechanism, such as honeypots, creates a weakness, since attackers can learn which targets are honeypots and avoid them. The effectiveness of dark-space (unused address range) honeypots in an IPv6 Internet is also unknown. Endeavor proposes a technique that collects and blocks bot malware while infection is being attempted against production systems, removing the dependency on honeypots. Proving in Phase I that extraction in the infection vector is feasible lays the foundation for developing the inline botnet extraction and prevention system in Phase II. Endeavor has created and operates a commercial decoy sensor grid, FirstLight, which collects and analyzes botnets. We propose leveraging FirstLight, including its inline IPS, for the proposed research in order to reduce time to deployment. The research results will be packaged as part of our FirstLight commercial offering.
* information listed above is at the time of submission.