BotHunter is a novel, "dialog-correlation-based engine" which recognizes the communication patterns of malware-infected computers within your network perimeter. BotHunter is a passive traffic monitoring system, which ties together the dialog trail of inbound intrusion alarms with those outbound communication patterns that are highly indicative of successful local host infection.
When a sequence of inbound and outbound dialog warnings is found to match BotHunter's infection dialog model, a consolidated report is produced to capture all of the relevant events and event sources that played a role during the infection process.

http://www.cyber-ta.org/releases/botHunter/

Urs
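
The correlation idea described above, as an added example that is not BotHunter's code or part of the original post: per internal host, an inbound intrusion alarm is tied to outbound warnings seen shortly afterwards, and a consolidated report is produced only when both are present. The alert tuple format, the event names, the 600-second window and the matching rule are assumptions for illustration, not BotHunter's actual infection dialog model.

```python
from collections import defaultdict

# Constructed sample alerts: (timestamp_seconds, internal_host, direction, kind).
# The tuple format and kind names are hypothetical, not BotHunter output.
ALERTS = [
    (100, "10.0.0.5", "in", "exploit"),
    (130, "10.0.0.5", "out", "binary_download"),
    (190, "10.0.0.5", "out", "c2_traffic"),
    (200, "10.0.0.9", "in", "scan"),            # inbound only: no report
    (300, "10.0.0.8", "out", "outbound_scan"),  # outbound only: no report
    (5000, "10.0.0.7", "in", "exploit"),
    (9000, "10.0.0.7", "out", "c2_traffic"),    # outside the window
]

WINDOW = 600  # assumed correlation window in seconds


def correlate(alerts, window=WINDOW):
    """Return {host: trail} for hosts whose alerts match the simplified model.

    Simplified model (an assumption): an inbound alarm against a host,
    followed within `window` seconds by at least one outbound warning
    from that same host.
    """
    by_host = defaultdict(list)
    for ts, host, direction, kind in sorted(alerts):
        by_host[host].append((ts, direction, kind))

    reports = {}
    for host, events in by_host.items():
        for i, (ts, direction, _kind) in enumerate(events):
            if direction != "in":
                continue
            # Dialog trail: this inbound alarm plus everything that
            # follows it for the same host inside the window.
            trail = [e for e in events[i:] if e[0] - ts <= window]
            if any(e[1] == "out" for e in trail):
                reports[host] = trail  # consolidated report for the host
                break
    return reports


if __name__ == "__main__":
    for host, trail in correlate(ALERTS).items():
        print(host, trail)
```

Isolated inbound scans or a lone outbound warning produce no report here; only the combined trail does, which is what keeps a correlation approach quieter than alerting on each event.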