
Awards

Fields: Topic Information | Award/Contract Number | Proposal Information | Company | Performance Period | Award/Contract Value | Abstract

Topic: H-SB06.1-008, BOTNET DETECTION AND MITIGATION
Award/Contract Number: NBCHC060134
Proposal: 0611123 (FY06.1 Phase I), Botnet Detection and Mitigation
Company: Sonalysts, Inc., 215 Parkway North, Waterford, CT 06385-1209
Performance Period: 09/01/2006 to 03/15/2007
Award/Contract Value: $100,000.00

Abstract: Botnets have become a lucrative and monetized line of business for criminal organizations. Lately they have been found in a growing number of cases involving cyber-extortion via Distributed Denial-of-Service (DDoS) attacks and mass phishing, where their use of encryption and packing schemes keeps them off the radar of traditional discovery heuristics. Botnets are so sophisticated and widespread that industry and consumers sometimes learn they have been the victims of crimes months after the fact. The goal of the Sonalysts, Inc. team is to create an architecture that allows consumers, industry, and Government to work together to discover and mitigate botnets. The approach first focuses on developing a descriptive ontology that is used to normalize data between disparate data sources and thus facilitates sharing and automation. The system will combine normalized data from router net flow records, botnet signatures from IDS, and signatures captured in honeypots, and feed them into a number of distributed automated discovery/correlation systems. The research will pursue the development of a scalable architecture used to construct a service-based framework of sensors that capture botnet signatures and pass information to data mining systems, which correlate it using a discovery taxonomy and/or crack encrypted command and control channels.

Topic: H-SB06.1-008, BOTNET DETECTION AND MITIGATION
Award/Contract Number: D07PC72589 (formerly NBCHC070124)
Proposal: 0612016 (FY06.1 Phase II), Botnet Detection and Mitigation
Company: Sonalysts, Inc., 215 Parkway North, Waterford, CT 06385-1209
Performance Period: 07/25/2007 to 10/31/2009
Award/Contract Value: $750,000.00

Abstract: This Phase II effort will develop a functional prototype of DMnet, a distributed botnet detection and mitigation system. Our team will develop and integrate state-of-the-art research in ontology, data fusion, data mining, and data warehousing into DMnet nodes. These nodes will be distributed throughout a network and will work together in a "trusted grid" to provide increased cyber awareness for botnet detection and mitigation. The system will be sensor-neutral, facilitating the integration of current and emerging sensor technology. The prototype will incorporate multiple algorithms for classification and correlation, a unique ontology, and an innovative user interface. We will create a threat management mechanism to evaluate collected events and provide for mitigation, and we will develop recommended operating policies and procedures for DMnet users.

Commercial Application: Current network intrusion detection and prevention applications tend to be single-scope rather than integrated. DMnet represents a convergence technology that will integrate security operations into a single system to minimize losses from the distributed threat of botnets. This technology is immediately applicable to federal Government cyber security efforts, large network operations, ISPs, and security management solution providers.