What Does Bothunter Mean?
In IT, a bothunter is a tool provisioned to assess or work with virtual “bots.” A common example of a bothunter is a UNIX utility (known as “BotHunter”) that looks at “bot” behavior within a network.
Techopedia Explains Bothunter
The makers of the Unix BotHunter describe it as a “network defense algorithm” that detects certain kinds of automated scripts such as spambots, worms, adware and different types of malware programs. The BotHunter tool is partially derived from an algorithm referred to as “network dialog correlation” developed in private research by trade groups.
Using the network traffic analysis tool known as Snort, BotHunter analyzes individual data exchanges to figure out whether they represent certain types of malware processes. BotHunter compares its collected processes against models or profiles of various malware infections. In other words, rather than defining actual collected data against the baseline for what is normal in a network, BotHunter tries to use profiles of infection activity to characterize what it finds in a given network cycle.
Automated scripts characterized as “bots” play a wide variety of roles in data transmission across global networks. While some of them can be relatively innocuous, others can be identified as certain types of cyberattacks or hacking. Tools like bothunters help security professionals to build more secure systems and use more network monitoring tools to protect their digital assets.