Commit stuff

acronyms.tex

@@ -9,7 +9,7 @@
 }
 
 \DeclareAcronym{c2}{
-  short = {{C2 server}},
+  short = {{C\&C server}},
   long  = {{command and control server}}
 }
 

bibliography.bib

@@ -7,3 +7,19 @@
   volume = {Vol. 38, No. 1},
   pages = {86-124}
 }
+
+@article{zhang_building_2014,
+  title = {Building a Scalable System for Stealthy P2P-Botnet Detection},
+  volume = {9},
+  issn = {1556-6013, 1556-6021},
+  url = {http://ieeexplore.ieee.org/document/6661360/},
+  doi = {10.1109/TIFS.2013.2290197},
+  pages = {27--38},
+  number = {1},
+  journaltitle = {{IEEE} Transactions on Information Forensics and Security},
+  shortjournal = {{IEEE} Trans.Inform.Forensic Secur.},
+  author = {Zhang, Junjie and Perdisci, Roberto and Lee, Wenke and Luo, Xiapu and Sarfraz, Unum},
+  urldate = {2021-11-09},
+  date = {2014-01},
+  file = {Full Text:/home/me/Zotero/storage/PFXP8NLV/Zhang et al. - 2014 - Building a Scalable System for Stealthy P2P-Botnet.pdf:application/pdf}
+}

content.tex

@@ -54,5 +54,17 @@ A number of botnet operations were shut down like this and as the defenders uppe
 The idea is to build a decentralized network without single points of failure where the \acp{c2} are.
 In a \ac{p2p} botnet, each node in the network knows a number of it's neighbours and connects to those, each of these neighbours has a list of neighbours on his own, and so on.
 
+\subsection{Detection Techniques for \ac{p2p} Botnets}
+
+\begin{itemize}
+
+  % TODO: BotGrep (in zhang_building_2014)
+  \item Large scale network analysis (hard to differentiate from legitimate \ac{p2p} traffic (\eg{} BitTorrent), hard to get data, knowledge of some known bots required)
+
+  % TODO: BotMiner
+  \item Heuristics: Same traffic patterns, same malicious behaviour
+
+\end{itemize}
+
 
 % vim: set filetype=tex ts=2 sw=2 tw=0 et spell :