Malware beaconing - PSJoshi/Notes GitHub Wiki
Papers
Xin Hu, Jiyong Jang, Marc Ph. Stoecklin, Ting Wang, Douglas L. Schales, Dhilung Kirat, Josyula R. Rao, "BAYWATCH: Robust Beaconing Detection to Identify Infected Hosts in Large-Scale Enterprise Networks", 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 479-490, 2016, doi:10.1109/DSN.2016.50
Robust beaconing detection to identify infected hosts - https://pdfs.semanticscholar.org/de25/0f5800163abfdd6490e130313fe0c369b83f.pdf
Malware beaconing detection using large scale mining of DNS logs - https://pdfs.semanticscholar.org/2566/b4b1929b5f8bc7156959095967a5125c2573.pdf
Design and analysis of decoy system for computer security - https://pdfs.semanticscholar.org/3205/e0e046a097c2d62d25de2c8307306ec9b949.pdf
Good article on "detecting malicious beacons" - http://deviantpackets.blogspot.com/2014/03/detecting-malicious-beacons.html
Beacon bits - https://github.com/bez0r/BeaconBits
Catching malware en masse using DNS and IP - https://www.blackhat.com/docs/us-14/materials/us-14-Mahjoub-Catching-Malware-En-Masse-DNS-And-IP-Style-WP.pdf
Beacon detection in pcap files - http://www.delaat.net/rp/2013-2014/p73/presentation.pdf
A scalable botnet detection method for large scale DNS traffic - https://pdfs.semanticscholar.org/b70f/72888475d56c77bac2791c7f3ba038197a5b.pdf
Network traffic analysis through statistical signal processing methods - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.208.782&rep=rep1&type=pdf
Network heartbeat traffic characterization - https://pages.cpsc.ucalgary.ca/~carey/talks/Heartbeats-CLW.pdf
Network traffic features for anomaly detection in ICS traffic - https://res.mdpi.com/futureinternet/futureinternet-05-00460/article_deploy/futureinternet-05-00460.pdf?filename=&attachment=1
Exploiting time periodicity in industrial control network - https://dial.uclouvain.be/pr/boreal/object/boreal:172310/datastream/PDF_01/view
Detection of randomized botnet traffic - https://www.sciencedirect.com/science/article/pii/S111001681630059X
Malware beaconing detection method - https://patentimages.storage.googleapis.com/86/cd/8e/33982360e5ad1d/US9979741.pdf
Detection of beaconing behaviour in network traffic - https://patentimages.storage.googleapis.com/5d/1e/82/85601b6fca7bb0/US20160134651A1.pdf
Identifying malicious hosts involved in periodic communication - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8171326
Filtering automated polling traffic in netflow data - https://research-information.bristol.ac.uk/files/33910761/HeardRubinDelanchyLawson2014_CyberPolling.pdf
Slow-Paced Persistent Network Attacks Analysis and Detection Using Spectrum Analysis - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6906240
Command-and-control - Understanding C2 techniques - https://arxiv.org/abs/1408.1136
Modelling network behaviour of malware to block malicious patterns - https://www.researchgate.net/profile/Sebastian_Garcia6/publication/317415557_Modelling_The_Network_Behavior_of_Malware_to_Block_Malicious_Patterns_The_Stratosphere_Project_A_Behavioral_IPS/links/5939ad62aca272bcd1d16d1f/Modelling-The-Network-Behavior-of-Malware-to-Block-Malicious-Patterns-The-Stratosphere-Project-A-Behavioral-IPS.pdf
Flowsummary - summarizing network flows for periodicity detection - https://link.springer.com/content/pdf/10.1007%2F978-3-642-45062-4_98.pdf