Passive Methods for Detecting Botnets

Authors: 

Pohrebennyk V.D., Khromchak P.T.

Groups of passive botnet detection methods are summarized and described. The main disadvantages and advantages of each are presented.
