To address these issues, we are developing a semantic approach to intrusion detection that uses traditional as well nontraditional sensors collaboratively. Traditional sensors include hardware or software such as network scanners, host scanners, and IDPSs like Snort and Norton AntiVirus. Potential nontraditional sensors include sources such as online forums, blogs, and vulnerability databases which contain textual descriptions of proposed attacks or discovered exploits. After analyzing the data streams from these sensors, the information extracted is added as facts to a knowledge base using a W3C standards based ontology that our group has developed. One of the attacks I am focusing on is botnet attacks which work by having bots perform various malicious activities while under the control of a botmaster. Different botnets have different architectures and communication protocols. I am analyzing the packet capture files of individual botnets looking for patterns that emerge that can be used to identify botnet behavior.