Offense Questions: Botnet detection


1 Offense Questions: Botnet detection
- What is the difference between bot and pure worms C&C?
- Can we automatically detect C&C? How?
- No real invariants/separator in C&C traffic?
- Even IRC-based detection seems hopeless in the paper
- Maybe also consider semantics, not just numerical values, like traffic size, length of packets, etc.
- Fundamental difference: human vs. machine!
- What about URL-based botnets?

2 Offense Questions: Botnet detection II
- Detection based on specific bot commands?
- Specific bot dependent
- Can be encrypted
- Statistical fingerprinting techniques?
- Contradict with the U Michigan paper

