Papers - PSJoshi/Notes GitHub Wiki
Security analysis of webproxy logs
- Beehive: Large-scale log analysis for detecting suspicious activity in enterprise networks
- ExecScent: Mining for new C&C domains in live networks with adaptive control protocol templates
- WebWitness: Investigating, categorizing, and mitigating malware download paths
- A. Oprea, Z. Li, K. Bowers, and R. Norris, "MADE: Security Analytics for Enterprise Threat Detection"
- BAYWATCH: Robust beaconing detection to identify infected hosts in large-scale enterprise networks
- Automated generation of features for enterprise security - http://www.ccs.neu.edu/home/alina/papers/FeatureEng.pdf
Malware beaconing papers
- Detect periodic behaviour in botnet traffic - https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4294756/pdf/main.pdf
- Detecting malware based on expired command-and-control traffic - https://journals.sagepub.com/doi/full/10.1177/1550147717720791
- Recognition of remote controlled malware - https://madoc.bib.uni-mannheim.de/33092/1/DissChristianDietrich.pdf
- Detecting beacons using RITA - https://www.sans.org/reading-room/whitepapers/detection/onion-zeek-rita-improving-network-visibility-detecting-c2-activity-38755
- Large scale DNS logs for targeted attack identification - https://waset.org/publications/10004242/malware-beaconing-detection-by-mining-large-scale-dns-logs-for-targeted-attack-identification
- Malware beaconing detection methods - https://patents.google.com/patent/US20170187736
- An approach to detect malware call-home activities - https://www.sans.org/reading-room/whitepapers/detection/approach-detect-malware-call-home-activities-34480
- Tracking local periodic communication behaviour of malware - https://ieeexplore.ieee.org/document/8377941