Print Print  
Award Information
Proposal Number: 0611147
Proposal Title: Inline Botnet Extraction and Prevention
Topic Number: H-SB06.1-008
Phase: Phase I
Organization: Endeavor Systems, Inc.
Address: 1420 Spring Hill Rd
Suite 202
McLean , VA 20852-3026  
Abstract: Phase I of this project researches a new approach for collecting a higher degree of relevant bot executables by exploiting the infect vector weakness and by utilizing an inline device that both protects systems and captures the bot as it attempts to infect. Most recent botnet research relies on honeynets to collect bots. Reliance on a single collection mechanism, such as honeypots, creates a weakness where attackers can determine targets to avoid. Also, the effectiveness of dark space honeypots in an IPv6 type Internet is unknown. Endeavor proposes a technique that collects and prevents bot malware while infection is attempted against systems, bypassing the dependency on honeypots. Proving the feasibility of extraction in the infection vector in Phase I lays out the foundation for developing the inline botnet extraction and prevention system in phase II. Endeavor has created and operates a commercial decoy sensor grid, FirstLight, which collects and analyzes botnets. We propose leveraging FirstLight including an inline IPS for the proposed research in order to reduce time-to-deployment. The research results will be packaged as a part of our FirstLight commercial offering.
Award/Contract Number: NBCHC060137
Period of Performance: 09/01/2006 - 03/15/2007
Award/Contract Value: $100,000.00
Award/Obligated Amount: $100,000.00