Print Print  
Award Information
Proposal Number: 0615002
Proposal Title: Botnet Analytics Appliance (BNA)
Topic Number: H-SB06.1-008
Phase: Phase II
Topic Title: BOTNET DETECTION AND MITIGATION
Organization: Milcord LLC
Address: 1050 Winter Street Suite 1000
Waltham, MA 02451-1406  
Abstract: Recent reports indicate the activity of more than 6,000 botnet C&C servers. 70 million zombies are responsible for 80% of SPAM. Given the exponential growth of the botnet threat, the security of our nation's cyber infrastructure demand automated botnet activity monitoring solutions. In Phase I, Milcord developed a feasibility prototype of a "Bayesian Activity Monitor for Botnet Defense". We developed: indicators for measuring botnet behavior, mechanisms for capturing and analyzing packet content to detect bot commands, blacklist interfaces, and a set of Belief Networks that fuse network indicators, DNS data, and bot commands in order to detect and classify botnet behavior. Our results have in general shown the feasibility of learning and predicting botnet behavior at the network level, and blacklist membership in DNS queries. In Phase II, we propose to develop a full-scale prototype of a Botnet Analytics Appliance (BNA) that leverages botnet intelligence contextual knowledge and integrates with Security Event Management platforms, and transition this technology to commercialize use. The development of our Phase II prototype will not only leverage contextual knowledge obtained from real-time aggregated botnet intelligence data and cybersecurity infrastructures but also contribute to the botnet community knowledge base enhancing DHS cyber security mission.
Award/Contract Number: NBCHC070126
Period of Performance: 08/31/2007 - 09/30/2010
Award/Contract Value: $800,000.00
Award/Obligated Amount: $800,000.00