Next-Generation Botnet Detection and Response

Abstract

In this project, we developed dynamic DNS monitoring heuristics to identify domains used for botnet command and control, as well as anomaly detection algorithms for recursive DNS servers at ISPs and enterprise networks to detect botnet command and control activities. We also developed botnet detection systems for enterprise networks: BotHunter, BotSniffer, BotMiner, and BotProbe. We formed a start-up company, Damballa, Inc., to deliver anti-botnet technologies to government and enterprise customers.
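
The abstract names recursive-DNS anomaly detection as one of the project's deliverables but does not describe the algorithms. The following is an added illustration, not code from the report, from Georgia Tech or from Damballa: a toy "group activity" heuristic that flags a name when many distinct clients behind one recursive resolver look it up within a short window and the answer carries a low TTL, the kind of spatial-temporal correlation a C2 rendezvous domain tends to produce. The four-column log format, the thresholds and the sample log are all assumptions made for the example.

```python
# Added illustrative example (not the report's or Damballa's code): a toy
# group-activity heuristic over recursive-DNS query logs. Log format,
# thresholds and sample data are assumptions made for this example.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass
class Query:
    ts: float       # seconds since an arbitrary epoch
    client: str     # address of the querying host (stub resolver)
    qname: str      # queried name, lower-cased, trailing dot removed
    ttl: int        # TTL of the returned answer; 0 when NXDOMAIN/no answer


def parse_log(lines: Iterable[str]) -> List[Query]:
    """Parse the assumed log format: '<ts> <client> <qname> <answer_ttl>'."""
    queries = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, qname, ttl = line.split()
        queries.append(Query(float(ts), client, qname.lower().rstrip("."), int(ttl)))
    return queries


def score_domains(queries: List[Query], window: float = 60.0,
                  min_clients: int = 3, max_ttl: int = 300) -> Dict[str, dict]:
    """Return names whose lookups look like synchronised group activity."""
    by_name = defaultdict(list)
    for q in queries:
        by_name[q.qname].append(q)

    flagged = {}
    for qname, qs in by_name.items():
        qs.sort(key=lambda q: q.ts)
        clients = {q.client for q in qs}
        if len(clients) < min_clients:
            continue  # too few hosts to be "group" activity

        # Sliding window: largest number of distinct clients that resolved
        # this name inside any `window`-second span.
        best, j = 0, 0
        for i, q in enumerate(qs):
            while q.ts - qs[j].ts > window:
                j += 1
            best = max(best, len({x.client for x in qs[j:i + 1]}))

        # Low TTL (or no answer at all, i.e. NXDOMAIN bursts) is the second
        # signal; a high TTL on every answer argues for a stable, benign name.
        positive = [x.ttl for x in qs if x.ttl > 0]
        min_ttl = min(positive) if positive else 0

        if best >= min_clients and min_ttl <= max_ttl:
            flagged[qname] = {"clients": len(clients),
                              "sync_clients": best,
                              "min_ttl": min_ttl}
    return flagged


def detect(lines: Iterable[str], **thresholds) -> Dict[str, dict]:
    """Parse then score; convenience wrapper used by the demo and tests."""
    return score_domains(parse_log(lines), **thresholds)


# Constructed sample log (not real traffic). Names use the reserved
# .example TLD. One name is resolved by four hosts within six seconds with
# a 60 s TTL; the others are resolved by several hosts but minutes apart.
SAMPLE_LOG = """\
# ts      client     qname                answer_ttl
1000.0    10.0.0.11  update.c2.example    60
1002.5    10.0.0.12  update.c2.example    60
1004.0    10.0.0.13  update.c2.example    60
1006.0    10.0.0.14  update.c2.example    60
1000.0    10.0.0.11  www.site.example     3600
1130.0    10.0.0.12  www.site.example     3600
1300.0    10.0.0.13  www.site.example     3600
1500.0    10.0.0.15  www.site.example     3600
1700.0    10.0.0.16  www.site.example     3600
1010.0    10.0.0.11  cdn.static.example   30
1500.0    10.0.0.12  cdn.static.example   30
2100.0    10.0.0.13  cdn.static.example   30
"""

if __name__ == "__main__":
    for name, info in detect(SAMPLE_LOG.splitlines()).items():
        print(name, info)
```

On the sample, only `update.c2.example` is flagged (four clients inside one 60-second window, TTL 60); `cdn.static.example` has a low TTL but its lookups are spread over many minutes, and `www.site.example` has neither signal. A deployed heuristic needs more than this: popular CDN and advertising names legitimately combine low TTLs with many simultaneous resolvers, so a popularity baseline or allowlist and per-client NXDOMAIN rates are needed to keep the false-positive rate usable.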

Document Details

Document Type
Technical Report
Publication Date
Jun 24, 2008
Accession Number
ADA500564

Entities

People

  • Wenke Lee

Organizations

  • Georgia Tech

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Abstracts
  • Agreements
  • Algorithms
  • Anomaly Detection
  • Change Detection
  • Command And Control
  • Contract Administration
  • Cybersecurity
  • Demographic Cohorts
  • Department Of Defense
  • Detection
  • Governments
  • Infection
  • Mathematics
  • Probability
  • Random Walk
  • Students

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support

Technology Areas

  • Fully Networked C3
  • Fully Networked C3 - Command and Control