Botnet protocol inference in the presence of encrypted traffic

@article{Carli2017BotnetPI,
  title={Botnet protocol inference in the presence of encrypted traffic},
  author={Lorenzo De Carli and Ruben Torres and Gaspar Modelo-Howard and A. Tongaonkar and S. Jha},
  journal={IEEE INFOCOM 2017 - IEEE Conference on Computer Communications},
  year={2017},
  pages={1-9}
}
Network protocol reverse engineering of botnet command and control (C&C) is a challenging task, which requires various manual steps and a significant amount of domain knowledge. Furthermore, most of today's C&C protocols are encrypted, which prevents any analysis on the traffic without first discovering the encryption algorithm and key. To address these challenges, we present an end-to-end system for automatically discovering the encryption algorithm and keys, generating a protocol…
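The abstract's point that encrypted C&C blocks protocol inference until the cipher and key are recovered can be seen on the wire with a simple check. The following is an added example, not code from the paper or its system: it constructs a handful of beacons in a hypothetical text-based C&C format, encrypts each under a toy per-message keystream (SHA-256 in counter mode, standing in for whatever cipher a real bot uses), and then runs the two kinds of triage a protocol reverse engineer would apply first: a session-level entropy test to decide whether the stream is encrypted at all, and a per-offset "which bytes are constant across messages" scan of the kind field-inference tools use to find fixed framing. On the plaintext the scan recovers the fixed fields; on the ciphertext it finds nothing, which is the situation the paper's key-recovery stage is meant to get past. The message format, the key and the cipher are all assumptions constructed here.

```python
import hashlib
import math
from collections import Counter

# Added example, not the paper's system. The message format, the key and the
# "cipher" below are all constructed here for illustration.

KEY = b"example-bot-key-not-real-0001"  # constructed, hypothetical key

# Constructed plaintext beacons in a hypothetical text-based C&C format. All
# four share a layout; only the bot ID, OS string, uptime and sequence differ.
PLAINTEXT_MESSAGES = [
    b"CMD=BEACON;ID=bot-0001;OS=win10;UPTIME=4412;SEQ=1;PAD=" + b"A" * 64,
    b"CMD=BEACON;ID=bot-0002;OS=win7 ;UPTIME=0091;SEQ=2;PAD=" + b"A" * 64,
    b"CMD=BEACON;ID=bot-0003;OS=win10;UPTIME=7780;SEQ=3;PAD=" + b"A" * 64,
    b"CMD=BEACON;ID=bot-0004;OS=linux;UPTIME=0012;SEQ=4;PAD=" + b"A" * 64,
]


def keystream_xor(key: bytes, nonce: int, data: bytes) -> bytes:
    """Toy counter-mode stream cipher: SHA-256(key || nonce || counter) blocks
    XORed over the data. It stands in for whatever real cipher a bot family
    uses; a fresh keystream per nonce is enough to hide all message structure.
    Applying it twice with the same key and nonce decrypts."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + block.to_bytes(8, "big")
        ).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


# The same beacons as they would appear on the wire, each under its own nonce
# (assumption: the nonce is agreed out of band and not sent in the message).
CIPHERTEXT_MESSAGES = [
    keystream_xor(KEY, i, m) for i, m in enumerate(PLAINTEXT_MESSAGES)
]


def shannon_entropy(data: bytes) -> float:
    """Plug-in entropy estimate in bits per byte (8.0 is the maximum)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(stream: bytes, threshold: float = 7.0) -> bool:
    """Coarse encrypted-vs-plaintext triage. The plug-in estimate is biased
    low on short inputs, so run it over a few hundred bytes of one session
    rather than over a single short message."""
    return shannon_entropy(stream) > threshold


def constant_offsets(messages: list[bytes]) -> set[int]:
    """Byte offsets at which every message carries the same value, i.e. the
    positions a field-inference step would treat as fixed protocol framing."""
    width = min(len(m) for m in messages)
    return {i for i in range(width) if len({m[i] for m in messages}) == 1}


if __name__ == "__main__":
    for label, msgs in (("plaintext", PLAINTEXT_MESSAGES),
                        ("ciphertext", CIPHERTEXT_MESSAGES)):
        stream = b"".join(msgs)
        print(f"{label}: entropy={shannon_entropy(stream):.2f} bits/byte, "
              f"encrypted={looks_encrypted(stream)}, "
              f"constant offsets={len(constant_offsets(msgs))}/{len(msgs[0])}")
```

On the plaintext beacons the constant-offset scan returns the whole "CMD=BEACON;ID=bot-000" prefix, the ";OS=", ";UPTIME=" and ";SEQ=" separators and the padding, which is exactly the framing a tool like Discoverer or Prospex would build a message format from. On the ciphertext the same scan returns (with overwhelming probability) no offsets at all, and the only thing the analyst learns is that the stream is high-entropy. That is why the abstract treats recovery of the algorithm and key as a prerequisite for everything else.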
Kali: Scalable encryption fingerprinting in dynamic malware traces
An Extremely Lightweight Approach for DDoS Detection at Home Gateways
BotCluster: A session-based P2P botnet clustering system on NetFlow
EnCoD: Distinguishing Compressed and Encrypted File Fragments
The New Threats of Information Hiding: The Road Ahead
Cyber-physical systems security: Limitations, issues and future trends
Stream Genetic Programming for Botnet Detection

References

(10 of 33 references shown)
ProVeX: Detecting Botnets with Encrypted Command and Control Channels
Inference and analysis of formal models of botnet command and control protocols
ReFormat: Automatic Reverse Engineering of Encrypted Messages
Automatic protocol field inference for deeper protocol understanding
Automatic Network Protocol Analysis
Discoverer: Automatic Protocol Reverse Engineering from Network Traces
Prospex: Protocol Specification Extraction
Botzilla: detecting the "phoning home" of malicious software