Some content

Valentin Brandl 2021-12-07 17:42:39 +01:00
parent 0c4539ba40
commit ce3c56af72


@ -140,9 +140,11 @@ There are three subtypes auf active detection:
\end{itemize} \end{itemize}
%}}} detection criteria %}}} detection criteria
%}}} introduction
%{{{ methodology %{{{ methodology
\subsection{Methodology} \section{Methodology}
The implementation of the concepts of this work will be done as part of \ac{bms}\footnotemark, a monitoring platform for \ac{p2p} botnets described by \citeauthor{bock_poster_2019} in~\cite{bock_poster_2019}. The implementation of the concepts of this work will be done as part of \ac{bms}\footnotemark, a monitoring platform for \ac{p2p} botnets described by \citeauthor{bock_poster_2019} in~\cite{bock_poster_2019}.
\Ac{bms} uses a hybrid active approach of crawlers and sensors (reimplementations of the \ac{p2p} protocol of a botnet, that won't perform malicious actions) to collect live data from active botnets. \Ac{bms} uses a hybrid active approach of crawlers and sensors (reimplementations of the \ac{p2p} protocol of a botnet, that won't perform malicious actions) to collect live data from active botnets.
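Review bot: The sentence quoted in this hunk's header, "There are three subtypes auf active detection", has "auf" where "of" is meant; since the surrounding structure is being touched anyway, fix it in the same commit. In the context line about sensors, "reimplementations of the \ac{p2p} protocol of a botnet, that won't perform malicious actions" reads better without the comma and with "will not" in thesis register. With Methodology promoted to \section and `%}}} introduction` now closing before `%{{{ methodology`, confirm that any cross-references written as "Section X.Y" for Methodology still resolve to the intended level.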
@ -162,9 +164,41 @@ That sensor will be responsible to monitor the new node.
If it is not possible, to select a specific sensor so that the monitoring activity stays inconspicuous, the coordinator can do a complete shuffle of all nodes between the sensors to restore the wanted graph properties or warn if more sensors are required to stay undetected. If it is not possible, to select a specific sensor so that the monitoring activity stays inconspicuous, the coordinator can do a complete shuffle of all nodes between the sensors to restore the wanted graph properties or warn if more sensors are required to stay undetected.
%{{{ primitives
\subsection{Protocol Primitives}
The coordination protocol must allow the following operations:
%{{{ sensor to backend
\subsubsection{Sensor to Backend}
\begin{itemize}
\item \mintinline{go}{registerSensor(capabilities)}: Register new sensor with capabilities (which botnet, available bandwidth, \ldots)
\item \mintinline{go}{unreachable(targets)}:
\end{itemize}
%}}} sensor to backend
%{{{ backend to sensor
\subsubsection{Backend to Sensor}
\begin{itemize}
\item \mintinline{go}{startCrawling(targets)}: Start crawling a batch of nodes for a specified time or until stopped, with \mintinline{go}{targets} being a list of targets and each target consists of a botnet identifier, IP address, port, bot identifier, how long and how often this bot should be monitored
\item \mintinline{go}{stopCrawling(targets)}: Stop crawling a batch of nodes
\end{itemize}
%}}} backend to sensor
%}}} primitives
%}}} methodology %}}} methodology
%}}} introduction
% vim: set filetype=tex ts=2 sw=2 tw=0 et foldmethod=marker spell : % vim: set filetype=tex ts=2 sw=2 tw=0 et foldmethod=marker spell :
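Review bot: The `\item \mintinline{go}{unreachable(targets)}:` entry under "Sensor to Backend" ends at the colon with no description, so the primitive is undefined for the reader; state what the sensor reports (which targets, after how many failed attempts or what timeout) and what the backend is expected to do with it. In "Backend to Sensor", `startCrawling(targets)` says crawling runs "for a specified time or until stopped" while each target also carries "how long and how often", which leaves open whether duration is per batch or per target; spelling out the target fields as a small record would remove the ambiguity. The list also does not say how the backend authenticates a sensor calling `registerSensor(capabilities)`, which matters for a protocol that hands out crawl targets; a sentence on that requirement belongs here. Finally, make sure the `%}}} introduction` marker that follows `%}}} methodology` near the end is removed now that the previous hunk closes that fold earlier, otherwise the fold markers are unbalanced.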