Chuck Norris botnet detection plugin

• Authors: PLESNÍK Tomáš; TRUNEČKA Michal; PISKAČ Pavel; VYKOPAL Jan; ČELEDA Pavel
• Year of publication: 2010
• MU Faculty or unit: Institute of Computer Science
• Web: Webová stránka s instalačním balíčkem
• Description: Chuck Norris botnet detection plugin for NfSen collector periodically analyses NetFlow data. The plugin provides output of detection methods aimed at botnet behaviour during its lifecycle: port scanning from infected hosts outside the local network, scanning from infected hosts in the local network, communication with the botnet distribution and control servers, and DNS spoofing.

Related projects

• CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment