Hi everyone,
am new and not very sure about rules here,hope its not off-topic.
im master student researcher and i am working on botnet detection.
it would be appreciated if anyone can help me with :
I. anyway to detect botnet trafic out of normal tor traffic?
II. is this solution possible to apply?
to attach a script to botnet ( so we pass reverse engineering and no mess with codes of malware) and send it back to network, let the relays and last node which is botmaster recieves the compromised botnet ,and the script report our detector machine of any time it been re-routed in tor network ( hidden service and relays and botmaster) about : ip address of receiver hosts (relays) and their computer information( os,...) and consider last hop as botmaster. after using this technic for few botnets, we can have a good view of how relays (and which relays) been used for attack bt botnet and who is botmaster : it can help tor admin to clean relays, remove that hidden service , blacklist botmaster ip address
thank you
Ehsan Moshiri (Enkidu)Digital Forensic Student
H/P:+96164953954 , +961124249769
Facebook: Enkidu Mo Shi Ri
wechat: Enkidu-Moshiri
Line: Enkidu.Moshiri