Inline Botnet Extraction and Prevention
Inline Botnet Extraction And Response, iBEAR is a holistic solution of addressing botnets with collection, analysis, and prevention capability. The iBEAR is built on the success of our phase I research of botnet collection. Collection of malware is done through decoy and inline network prevention system to capture target malware and scanning malware without risking the end systems. A hybrid analysis approach uses both Pattern Recognition and Control Flow Graphs,CFG, to determine invariant attributes of the malware communications. The system then implements prevention rules to deny any botnet communication. While excited about our high quality botnet collections being used in Microsoft MSRT, Live OneCare and Window Defender, Endeavor proposes to develop a robust, automated iBEAR which is capable of handling large volume of botnets. Leveraging the FirstLight infrastructure, the generated signatures from iBEAR can be distributed globally across organizations.
* information listed above is at the time of submission.