Last Updated: 2006-08-05 14:18:31 UTC
by Mike Poor (Version: 1)
Scenario: Mobile malicious code compromises 150 hosts on your network. Those hosts are loaded with bot software. Bots need to talk to a command and control channel, and by observing these surges of bots connecting within a threshold of time, we can detect this anomalous pattern.
Ron has released code and screenshots from his research. Definitely worth checking out.
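The surge detection described in the scenario can be sketched as a sliding-window count of distinct internal sources per destination. This is an added example, not Ron's released code; the flow-record layout, the 60-second window, the 5-host threshold and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (epoch_seconds, internal_src, dst_ip, dst_port).
# All addresses are documentation/private ranges chosen for this example.
BOTS = [(t, f"10.0.0.{h}", "203.0.113.50", 6667)
        for h, t in zip(range(11, 17), (1000, 1004, 1009, 1015, 1021, 1030))]
# One chatty host hitting the same server repeatedly: many flows, one source.
CHATTY = [(1000 + 5 * i, "10.0.0.20", "198.51.100.7", 443) for i in range(10)]
# Six hosts reaching a popular site, but spread over 25 minutes: no surge.
SLOW = [(1000 + 300 * i, f"10.0.0.{31 + i}", "192.0.2.80", 80) for i in range(6)]
FLOWS = BOTS + CHATTY + SLOW


def detect_surges(flows, window=60, min_hosts=5):
    """Map (dst_ip, dst_port) -> sorted sources at the peak of a surge.

    A surge is min_hosts or more *distinct* internal sources opening
    connections to the same destination within `window` seconds.
    """
    recent = defaultdict(deque)   # destination -> (ts, src) inside the window
    peaks = {}
    for ts, src, dst, port in sorted(flows):
        q = recent[(dst, port)]
        q.append((ts, src))
        while ts - q[0][0] > window:      # expire flows older than the window
            q.popleft()
        hosts = {s for _, s in q}         # distinct sources, not flow count
        if len(hosts) >= min_hosts and len(hosts) > len(peaks.get((dst, port), ())):
            peaks[(dst, port)] = sorted(hosts)
    return peaks


if __name__ == "__main__":
    for (dst, port), hosts in detect_surges(FLOWS).items():
        print(f"surge: {len(hosts)} hosts -> {dst}:{port} {hosts}")
```

Counting distinct sources rather than flows keeps a single busy client from raising an alert, and the window keeps a destination that many hosts reach gradually from looking like a surge.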
Mike Poor mike <at> intelguardians.com