Print Print  
Award Information
Proposal Number: 0611149
Proposal Title: Enterprise Botnet Detection System
Topic Number: H-SB06.1-008
Phase: Phase I
Organization: HBGary, Inc.
Address: 6900 Wisconsin Avenue, Suite 706
Chevy Chase, MD 20815-6114  
Abstract: A botnet is a network of robots or "bots" installed surreptitiously on computer hosts and controller to do the attacker's bidding via remote command and control systems. Most bots employ stealth methods to hide communications and bot installation. Detecting a botnet by examining network traffic is extremely difficult since botnets frequently mask their existence by using multiple host proxies and network connections, different protocols, and encryption. The "weak link" in the botnet architecture component is the host-based bot component itself. While the bot may employ obfuscation or software protection mechanisms, ultimately it must become unobfuscated and unpacked in order to execute, and it leaves behind telltale evidence of its existence. Detection and forensics of the host based bot is the basis of this proposal. Current bot and botnet detection methods rely mostly on static signatures of known bots. HBGary proposes the Enterprise Botnet Detection System (EBDS) which will overcome the stealthy nature of advanced bots, detect and assess previously unknown bots, and provide remote forensics technologies to mitigate future botnet attacks.
Award/Contract Number: NBCHC060136
Period of Performance: 09/01/2006 - 03/15/2007
Award/Contract Value: $100,000.00
Award/Obligated Amount: $100,000.00