Detection of Fast Flux Service Networks
نویسندگان
چکیده
Fast Flux Service Networks (FFSN) apply high availability server techniques to the business of malware distribution. FFSNs are similar to commercial content distribution networks (CDN), such as Akamai, in terms of size, scope, and business model, serving as an outsourced content delivery service for clients. Using an analysis of DNS traffic, we derive a sequential hypothesis-testing algorithm based entirely on traffic characteristics and dynamic white listing to provide real time detection of FFSNs in live traffic. We improve on existing work, providing faster and more accurate detection of FFSNs. We also investigate a category of hosts not fully explored in previous detectors Open Content Distribution Networks (OCDN) that share many of the characteristics of FFSNs.
منابع مشابه
FluXOR: Detecting and Monitoring Fast-Flux Service Networks
Botnets are large groups of compromised machines (bots) used bymiscreants for themost illegal activities (e.g., sending spam emails, denial-of-service attacks, phishing and other web scams). To protect the identity and to maximise the availability of the core components of their business, miscreants have recently started to use fast-flux service networks, large groups of bots acting as front-en...
متن کاملA Fast Approach to the Detection of All-Purpose Hubs in Complex Networks with Chemical Applications
A novel algorithm for the fast detection of hubs in chemical networks is presented. The algorithm identifies a set of nodes in the network as most significant, aimed to be the most effective points of distribution for fast, widespread coverage throughout the system. We show that our hubs have in general greater closeness centrality and betweenness centrality than vertices with maximal degree, w...
متن کاملMeasuring and Detecting Fast-Flux Service Networks
We present the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widelyknown phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability. Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a ...
متن کاملFast Flux Watch: A mechanism for online detection of fast flux networks
Fast flux networks represent a special type of botnets that are used to provide highly available web services to a backend server, which usually hosts malicious content. Detection of fast flux networks continues to be a challenging issue because of the similar behavior between these networks and other legitimate infrastructures, such as CDNs and server farms. This paper proposes Fast Flux Watch...
متن کاملCollaborative Detection of Fast Flux Phishing Domains
Phishing is a significant security threat to users of Internet services. Nowadays, phishing has become more resilient to detection and trace-back with the invention of Fast Flux (FF) service networks. We propose two approaches to correlate evidence from multiple DNS servers and multiple suspect FF domains. Real-world experiments show that our correlation approaches speed-up FF domain detection,...
متن کامل