Detection and prevention of botnets and malware in an enterprise network

One of the most significant threats faced by enterprise networks is from bots. A bot is a program that operates as an agent for a user and runs simulated tasks over the internet, at a much higher rate than would be possible for a human alone. A collection of bots in a network, used for malicious purposes, is referred to as botnet. Our proposed novel approach can detect and combat bots, adopting a two-pronged strategy, using a stand-alone and a network algorithm. The stand-alone algorithm, which runs independently on each node of the network, monitors active processes on the node and triggers the network algorithm when a suspicious process is identified. The network algorithm will then analyse conversations to and from the hosts to deduce the bot pattern and bot signatures which can subsequently be used by the stand-alone algorithm to thwart bot processes at their very onset.