Papers - PSJoshi/Notes GitHub Wiki

Security analysis of web proxy logs

  • Beehive: Large-scale log analysis for detecting suspicious activity in enterprise networks
  • ExecScent: Mining for new C&C domains in live networks with adaptive control protocol templates
  • WebWitness: Investigating, categorizing, and mitigating malware download paths
  • A. Oprea, Z. Li, K. Bowers, and R. Norris, “MADE: Security Analytics for Enterprise Threat Detection”
  • BAYWATCH: robust beaconing detection to identify infected hosts in large-scale enterprise networks
  • Automated generation of features for enterprise security - http://www.ccs.neu.edu/home/alina/papers/FeatureEng.pdf

Malware beaconing papers