Botnets are an evolutionary form of malware, unique in requiring network connectivity so that a botmaster can herd the bots, which allows coordinated attacks as well as dynamic evasion of detection. Thus, the most interesting features of a bot relate to its rapidly evolving network behavior. The few academic and commercial malware observation systems that exist, however, are either proprietary or have large cost and management overhead. Moreover, the network behavior of bots changes considerably under different operational contexts. We first identify the various contexts that can impact a bot's fingerprint. We then present Titan
More here: http://sysnet.org.pk/w/Titan:_Enabling_Low_Overhead_and_Multi-faceted_Network_Fingerprinting_of_a_Bot