From 2fb5ea1fce3c4ac9bd6c77ed7a50070b208f33c7 Mon Sep 17 00:00:00 2001 From: Valentin Brandl Date: Tue, 9 Nov 2021 13:33:05 +0100 Subject: [PATCH] Commit stuff --- acronyms.tex | 2 +- bibliography.bib | 16 ++++++++++++++++ content.tex | 12 ++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/acronyms.tex b/acronyms.tex index ed861627..937982a2 100644 --- a/acronyms.tex +++ b/acronyms.tex @@ -9,7 +9,7 @@ } \DeclareAcronym{c2}{ - short = {{C2 server}}, + short = {{C\&C server}}, long = {{command and control server}} } diff --git a/bibliography.bib b/bibliography.bib index 080c5b63..5adca629 100644 --- a/bibliography.bib +++ b/bibliography.bib @@ -7,3 +7,19 @@ volume = {Vol. 38, No. 1}, pages = {86-124} } + +@article{zhang_building_2014, + title = {Building a Scalable System for Stealthy P2P-Botnet Detection}, + volume = {9}, + issn = {1556-6013, 1556-6021}, + url = {http://ieeexplore.ieee.org/document/6661360/}, + doi = {10.1109/TIFS.2013.2290197}, + pages = {27--38}, + number = {1}, + journaltitle = {{IEEE} Transactions on Information Forensics and Security}, + shortjournal = {{IEEE} Trans.Inform.Forensic Secur.}, + author = {Zhang, Junjie and Perdisci, Roberto and Lee, Wenke and Luo, Xiapu and Sarfraz, Unum}, + urldate = {2021-11-09}, + date = {2014-01}, + file = {Full Text:/home/me/Zotero/storage/PFXP8NLV/Zhang et al. - 2014 - Building a Scalable System for Stealthy P2P-Botnet.pdf:application/pdf} +} diff --git a/content.tex b/content.tex index 8b09ce17..2b41e54f 100644 --- a/content.tex +++ b/content.tex @@ -54,5 +54,17 @@ A number of botnet operations were shut down like this and as the defenders uppe The idea is to build a decentralized network without single points of failure where the \acp{c2} are. In a \ac{p2p} botnet, each node in the network knows a number of it's neighbours and connects to those, each of these neighbours has a list of neighbours on his own, and so on. +\subsection{Detection Techniques for \ac{p2p} Botnets} + +\begin{itemize} + + % TODO: BotGrep (in zhang_building_2014) + \item Large scale network analysis (hard to differentiate from legitimate \ac{p2p} traffic (\eg{} BitTorrent), hard to get data, knowledge of some known bots required) + + % TODO: BotMiner + \item Heuristics: Same traffic patterns, same malicious behaviour + +\end{itemize} + % vim: set filetype=tex ts=2 sw=2 tw=0 et spell :