Botnet Detection and Mitigation

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: NBCHC060134
Agency Tracking Number: SBAassignedDHS06-1
Amount: $100,000.00
Phase: Phase I
Program: SBIR
Awards Year: 2006
Solicitation Year: N/A
Solicitation Topic Code: H-SB06.1-008
Solicitation Number: N/A
Small Business Information
Sonalysts, Inc.
215 Parkway North, Waterford, CT, 06385
DUNS: N/A
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Owen McCusker
 Principal Investigator
 (860) 326-3741
 mccusker@sonalysts.com
Business Contact
 Jane Goldsmith
Title: Proposals Manager
Phone: (860) 442-4355
Email: goldjane@sonalysts.com
Research Institution
 University of Connecticut
 Dr. Steven A Demurjian
 University of Connecticut
Storrs, CT, 06269-0215
 (860) 486-3719
 Nonprofit college or university
Abstract
Botnets have become a lucrative, monetized line of business for criminal organizations. They have recently appeared in a growing number of cases of cyber-extortion via Distributed Denial-of-Service (DDoS) attacks and of mass phishing, where their use of encryption and packing keeps them below the radar of traditional discovery heuristics. Botnets are now so sophisticated and widespread that industry and consumers often learn they were the victims of a crime only months after the fact. The goal of the Sonalysts, Inc. team is to create an architecture that allows consumers, industry, and Government to work together to discover and mitigate botnets. The approach first focuses on developing a descriptive ontology that normalizes data from disparate sources and thus facilitates sharing and automation. The system will combine normalized router NetFlow records, botnet signatures from intrusion detection systems (IDS), and signatures captured in honeypots, and feed them into a number of distributed, automated discovery/correlation systems. The research will pursue a scalable architecture used to construct a service-based framework of sensors that capture botnet signatures and pass the information to data-mining systems, which correlate it using a discovery taxonomy and/or crack encrypted command-and-control channels.
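The abstract describes normalizing NetFlow, IDS, and honeypot observations into one schema and then correlating them. The following is an added illustration of that idea, not code from the Sonalysts/UConn project: three constructed record formats (the field layouts, the signature name BOT-IRC-NICK, and all addresses are assumptions) are mapped onto a common Event schema, grouped by (infected host, C2 host, port), and scored by how many independent sources agree, with a bonus when the flow timestamps show the regular inter-arrival pattern typical of command-and-control beaconing.

```python
"""Normalize heterogeneous sensor records and correlate them per (src, dst, port).

Constructed sample data; the record formats are assumptions for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# --- constructed sample inputs (not real telemetry) -------------------------
NETFLOW = """\
2006-03-01T10:00:00 10.0.0.5 198.51.100.7 6667 tcp 1200
2006-03-01T10:05:00 10.0.0.5 198.51.100.7 6667 tcp 1180
2006-03-01T10:10:00 10.0.0.5 198.51.100.7 6667 tcp 1210
2006-03-01T10:03:00 10.0.0.9 203.0.113.20 443 tcp 80000
"""
# assumed layout: <ts> <signature-name> <src:port> -> <dst:port>
IDS_ALERTS = """\
2006-03-01T10:02:13 BOT-IRC-NICK 10.0.0.5:3344 -> 198.51.100.7:6667
"""
# assumed layout: <ts> <attacking host> sample=<hash> c2=<host:port> (C2 seen in captured sample)
HONEYPOT = """\
2006-03-01T09:58:00 10.0.0.5 sample=deadbeef c2=198.51.100.7:6667
"""


@dataclass(frozen=True)
class Event:
    """Common schema every sensor record is normalized into."""
    ts: datetime
    src: str      # suspected infected host
    dst: str      # suspected controller
    dport: int
    source: str   # "netflow" | "ids" | "honeypot"
    detail: str


def parse_netflow(text):
    events = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto, nbytes = line.split()
        events.append(Event(datetime.fromisoformat(ts), src, dst, int(dport), "netflow", f"{proto} {nbytes}B"))
    return events


def parse_ids(text):
    events = []
    for line in text.strip().splitlines():
        ts, sig, src, _arrow, dst = line.split()
        dst_host, dport = dst.rsplit(":", 1)
        events.append(Event(datetime.fromisoformat(ts), src.rsplit(":", 1)[0], dst_host, int(dport), "ids", sig))
    return events


def parse_honeypot(text):
    events = []
    for line in text.strip().splitlines():
        ts, attacker, sample, c2 = line.split()
        c2_host, c2_port = c2.split("=", 1)[1].rsplit(":", 1)
        events.append(Event(datetime.fromisoformat(ts), attacker, c2_host, int(c2_port), "honeypot", sample))
    return events


def is_beaconing(times, min_flows=3, max_cv=0.2):
    """True when inter-arrival gaps are regular (low coefficient of variation)."""
    if len(times) < min_flows:
        return False
    ts = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return m > 0 and pstdev(gaps) / m <= max_cv


def correlate(events, min_score=2):
    """Group events by (src, dst, dport); score = distinct sources (+1 if flows beacon)."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e.src, e.dst, e.dport)].append(e)
    findings = {}
    for pair, evs in by_pair.items():
        sources = {e.source for e in evs}
        beaconing = is_beaconing([e.ts for e in evs if e.source == "netflow"])
        score = len(sources) + (1 if beaconing else 0)
        if score >= min_score:
            findings[pair] = {"sources": sorted(sources), "beaconing": beaconing, "score": score}
    return findings


def analyze():
    events = parse_netflow(NETFLOW) + parse_ids(IDS_ALERTS) + parse_honeypot(HONEYPOT)
    return correlate(events)


if __name__ == "__main__":
    for (src, dst, port), f in sorted(analyze().items(), key=lambda kv: -kv[1]["score"]):
        print(f"{src} -> {dst}:{port} score={f['score']} sources={f['sources']} beaconing={f['beaconing']}")
```

Only the (10.0.0.5, 198.51.100.7, 6667) tuple is reported: it is seen by all three sources and its three flows are spaced exactly five minutes apart. The single large flow from 10.0.0.9 is seen by one source, does not beacon, and is dropped, which is the point of requiring corroboration before acting on any one sensor.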

* information listed above is at the time of submission.
