In this paper, Terry Nelms, Roberto Perdisci, and Mustaque Ahamad present ExecScent, a novel system that aims to mine new, previously unknown C&C domain names from live enterprise network traffic. ExecScent automatically learns control protocol templates (CPTs) from examples of known C&C communications.
Download the white paper from here – https://www.damballa.com/downloads/a_pubs/Damballa_ExecScent.pdf