Malware beaconing - PSJoshi/Notes GitHub Wiki

• Threat hunting with data science - https://www.slideshare.net/AustinTaylor8/threat-hunting-with-data-science
• Beaconing detection - https://github.com/austin-taylor/flare/blob/master/flare/analytics/command_control.py
• Flare based Beaconing tutorial - http://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/
• Analysis of network beaconing activity for incident response - http://www.cert.org/flocon/2008/presentations/balland_flocon2008.pdf
• Threat Hunting - https://github.com/ThreatHuntingProject/ThreatHunting/blob/master/hunts/beacon_detection_via_intra_request_time_deltas.md
• Finding beacons with bro - http://securitykitten.github.io/finding-beacons-with-bro/
• From bandwidth to beacon detection - http://www.cert.org/flocon/2012/presentations/jones-from-bandwidth-to-beacon-detection.pdf
• Malware beaconing detection methods - Google patents - https://www.google.com/patents/US20170187736
• Malware analysis - https://cps-vo.org/book/export/html/20510
• Statistical analysis of flow data using python and redis - https://resources.sei.cmu.edu/asset_files/Presentation/2013_017_001_51255.pdf
• From bandwidth to beacon detection - https://resources.sei.cmu.edu/asset_files/Presentation/2012_017_001_50809.pdf
• Malware beaconing detection using large scale analysis of DNS logs - https://waset.org/publications/10004242/malware-beaconing-detection-by-mining-large-scale-dns-logs-for-targeted-attack-identification

Papers

• Xin Hu, Jiyong Jang, Marc Ph. Stoecklin, Ting Wang, Douglas L. Schales, Dhilung Kirat, Josyula R. Rao, "BAYWATCH: Robust Beaconing Detection to Identify Infected Hosts in Large-Scale Enterprise Networks", 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), vol. 00, no. , pp. 479-490, 2016, doi:10.1109/DSN.2016.50
• Robust beaconing detection to identify infected hosts https://pdfs.semanticscholar.org/de25/0f5800163abfdd6490e130313fe0c369b83f.pdf
• Malware beaconing detection using large scale mining of DNS logs - https://pdfs.semanticscholar.org/2566/b4b1929b5f8bc7156959095967a5125c2573.pdf
• Design and analysis of decoy system for computer security - https://pdfs.semanticscholar.org/3205/e0e046a097c2d62d25de2c8307306ec9b949.pdf
• Good article on "detecting malicious beacons" - http://deviantpackets.blogspot.com/2014/03/detecting-malicious-beacons.html
• Beacon bits - https://github.com/bez0r/BeaconBits
• Catching malware enmasse using DNS and IP - https://www.blackhat.com/docs/us-14/materials/us-14-Mahjoub-Catching-Malware-En-Masse-DNS-And-IP-Style-WP.pdf
• Beacon detection in pcap files - http://www.delaat.net/rp/2013-2014/p73/presentation.pdf
• A scalable botnet detection method for large scale DNS traffic - https://pdfs.semanticscholar.org/b70f/72888475d56c77bac2791c7f3ba038197a5b.pdf
• Network traffic analysis through statistical signal processing methods - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.208.782&rep=rep1&type=pdf
• Network heartbeat traffic characterization - https://pages.cpsc.ucalgary.ca/~carey/talks/Heartbeats-CLW.pdf
• Network traffic features for anomaly detection in ICS traffic - https://res.mdpi.com/futureinternet/futureinternet-05-00460/article_deploy/futureinternet-05-00460.pdf?filename=&attachment=1
• Exploiting time periodicity in industrial control network - https://dial.uclouvain.be/pr/boreal/object/boreal:172310/datastream/PDF_01/view
• Detection of randomized botnet traffic - https://www.sciencedirect.com/science/article/pii/S111001681630059X
• Malware beaconing detection method - https://patentimages.storage.googleapis.com/86/cd/8e/33982360e5ad1d/US9979741.pdf
• Detection of beaconing behaviour in network traffic - https://patentimages.storage.googleapis.com/5d/1e/82/85601b6fca7bb0/US20160134651A1.pdf
• Identifying malicious host involved in periodic communication - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8171326
• Filtering automated polling traffic in netflow data - https://research-information.bristol.ac.uk/files/33910761/HeardRubinDelanchyLawson2014_CyberPolling.pdf
• Slow-Paced Persistent Network Attacks Analysis and Detection Using Spectrum Analysis: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6906240
• Command-and-control - Understanding C2 techniques - https://arxiv.org/abs/1408.1136
• Modelling network behaviour of malware to block malicious patterns - https://www.researchgate.net/profile/Sebastian_Garcia6/publication/317415557_Modelling_The_Network_Behavior_of_Malware_to_Block_Malicious_Patterns_The_Stratosphere_Project_A_Behavioral_IPS/links/5939ad62aca272bcd1d16d1f/Modelling-The-Network-Behavior-of-Malware-to-Block-Malicious-Patterns-The-Stratosphere-Project-A-Behavioral-IPS.pdf
• Flowsummary - summarizing network flows for periodicity detection - https://link.springer.com/content/pdf/10.1007%2F978-3-642-45062-4_98.pdf