Offense Questions: Botnet detection
What is the difference between bot and pure worms C&C?
Can we automatically detect C&C? How?
No real invariants/separator in C&C traffic?
Even IRC-based detection seems hopeless in the paper.
Maybe also consider semantics, not just numerical values like traffic size, length of packets, etc.
Fundamental difference: human vs. machine!
What about URL-based botnet?
Offense Questions: Botnet detection II
Detection based on specific bot commands?
  Specific bot dependent
  Can be encrypted
Statistical fingerprinting techniques?
  Contradict with the U Michigan paper