Botprobe was founded by Mark Graham and Adrian Winckles, as an offshoot of Mark’s PhD research…
Mark sets about creating a neural network learning algorithm for detecting botnets.
Mark needs a lot of high quality data to train the detection algorithm.
7 PCs were networked. Traffic was captured over 2 days.
Results: 4GB of data.
Problem: Far too much data for efficient analysis.
Mark sets about painstakingly analysing 4GB of traffic data by hand to look for a solution.
It becomes evident that most of this data is not needed in threat detection. Almost 95% of source data can be discarded.
Botprobe was born…
The same is true for almost any type of malware. No threat detection engine analyses every single field in every single network packet. How many separate fields are used across an entire Intrusion Detection rule-set? Probably not much more than a few dozen. So why feed it all the data from every packet? It only makes detection slower, less efficient and less effective.
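As an added illustration of the field-reduction idea above (example code, not Botprobe's own; the rule-set, the 16-field packet layout and the sample capture are all constructed): a tiny rule engine, the set of fields its rules actually reference, and a projection that drops every other field while the detections stay identical.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    """One detection rule: its name plus the per-field predicates it consults."""
    name: str
    matchers: dict  # field name -> predicate over that field's value

    def matches(self, pkt: dict) -> bool:
        return all(f in pkt and pred(pkt[f]) for f, pred in self.matchers.items())

# Hypothetical rule-set: across both rules only three packet fields are ever read.
RULES = [
    Rule("irc-c2-join", {"dst_port": lambda v: v == 6667,
                         "payload": lambda v: v.startswith(b"JOIN #")}),
    Rule("dns-txt-query", {"dst_port": lambda v: v == 53,
                           "dns_qtype": lambda v: v == "TXT"}),
]

# Sixteen fields a capture tool might record per packet (constructed list).
FULL_FIELDS = ["ts", "src_ip", "dst_ip", "src_port", "dst_port", "proto", "ttl", "ip_id",
               "ip_len", "tcp_flags", "tcp_seq", "tcp_ack", "tcp_win", "payload", "dns_qtype", "dns_qname"]

def make_packet(**overrides) -> dict:
    """Constructed packet record with every field present (placeholders elsewhere)."""
    pkt = {f: (b"" if f == "payload" else None) for f in FULL_FIELDS}
    pkt.update(overrides)
    return pkt

CAPTURE = [  # constructed sample capture, not real traffic
    make_packet(dst_port=6667, payload=b"JOIN #botnet"),
    make_packet(dst_port=80, payload=b"GET / HTTP/1.1"),
    make_packet(dst_port=53, dns_qtype="TXT", dns_qname="x.example"),
    make_packet(dst_port=53, dns_qtype="A", dns_qname="www.example"),
]

def referenced_fields(rules: list) -> set:
    """Union of every field name any rule in the set consults."""
    return set().union(*(r.matchers.keys() for r in rules))

def reduce_capture(packets: list, rules: list) -> tuple:
    """Drop fields no rule reads; return the slimmed records and the fraction removed."""
    keep = referenced_fields(rules)
    reduced = [{k: v for k, v in p.items() if k in keep} for p in packets]
    before, after = sum(len(p) for p in packets), sum(len(p) for p in reduced)
    return reduced, 1 - after / before

def detect(packets: list, rules: list) -> list:
    """Run the rule-set; the result must be identical on full and reduced records."""
    return [(i, r.name) for i, p in enumerate(packets) for r in rules if r.matches(p)]
```

With this layout 13 of 16 fields are discarded, and `detect` returns the same hits on the reduced records as on the full capture; the real saving depends on how many fields a production rule-set references.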
Botprobe provides hardware and software tools to efficiently and accurately capture threat data that can be fed into your existing threat detection infrastructure.
You don’t have to replace what you already have, but you can make it more effective.
* icons courtesy of www.flatiron.co.uk and https://thenounproject.com/