4 research outputs found

    Towards complete node enumeration in a peer-to-peer botnet

    Modern advanced botnets may employ a decentralized peer-to-peer overlay network to bootstrap and maintain their command and control channels, making them more resilient to traditional mitigation efforts such as server incapacitation. As an alternative strategy, the malware defense community has been trying to identify the bot-infected hosts and enumerate the IP addresses of the participating nodes so that the list can be used by system administrators to identify local infections, block spam emails sent from bots, and configure firewalls to protect local users. Enumerating the infected hosts, however, has presented challenges. One cannot identify infected hosts behind firewalls or NAT devices by employing crawlers, a commonly used enumeration technique where recursive get-peerlist lookup requests are sent to newly discovered IP addresses of infected hosts. As many bot-infected machines in homes or office

    Applying Deep Learning on Packet Flows for Botnet Detection

    Contains fulltext: 195412.pdf (Publisher's version) (Open Access). SAC18: The 17th edition of the Computer Security track at the 33rd ACM Symposium on Applied Computing, 9-13 April 2018, Pau, Franc

    Applying deep learning on packet flows for botnet detection: Proceedings of the 33rd Annual ACM Symposium on Applied Computing

    Contains fulltext: 195412.pdf (Publisher's version) (Open Access). SAC18: The 17th edition of the Computer Security track at the 33rd ACM Symposium on Applied Computing, 9-13 April 2018, Pau, Franc