diff --git a/content.tex b/content.tex index b3b56270..256c4215 100644 --- a/content.tex +++ b/content.tex @@ -140,9 +140,11 @@ There are three subtypes auf active detection: \end{itemize} %}}} detection criteria +%}}} introduction + %{{{ methodology -\subsection{Methodology} +\section{Methodology} The implementation of the concepts of this work will be done as part of \ac{bms}\footnotemark, a monitoring platform for \ac{p2p} botnets described by \citeauthor{bock_poster_2019} in~\cite{bock_poster_2019}. \Ac{bms} uses a hybrid active approach of crawlers and sensors (reimplementations of the \ac{p2p} protocol of a botnet, that won't perform malicious actions) to collect live data from active botnets. @@ -162,9 +164,41 @@ That sensor will be responsible to monitor the new node. If it is not possible, to select a specific sensor so that the monitoring activity stays inconspicuous, the coordinator can do a complete shuffle of all nodes between the sensors to restore the wanted graph properties or warn if more sensors are required to stay undetected. + +%{{{ primitives +\subsection{Protocol Primitives} + +The coordination protocol must allow the following operations: + +%{{{ sensor to backend +\subsubsection{Sensor to Backend} + +\begin{itemize} + + \item \mintinline{go}{registerSensor(capabilities)}: Register new sensor with capabilities (which botnet, available bandwidth, \ldots) + + \item \mintinline{go}{unreachable(targets)}: + +\end{itemize} + +%}}} sensor to backend + +%{{{ backend to sensor +\subsubsection{Backend to Sensor} + +\begin{itemize} + + \item \mintinline{go}{startCrawling(targets)}: Start crawling a batch of nodes for a specified time or until stopped, with \mintinline{go}{targets} being a list of targets and each target consists of a botnet identifier, IP address, port, bot identifier, how long and how often this bot should be monitored + + \item \mintinline{go}{stopCrawling(targets)}: Stop crawling a batch of nodes + +\end{itemize} + +%}}} backend to sensor + +%}}} primitives + %}}} methodology -%}}} introduction - % vim: set filetype=tex ts=2 sw=2 tw=0 et foldmethod=marker spell :