DocumentCode :
3036039
Title :
Real-Time Detection of Fast Flux Service Networks
Author :
Caglayan, Alper ; Toothaker, Mike ; Drapeau, Dan ; Burke, Dustin ; Eaton, Gerry
fYear :
2009
fDate :
3-4 March 2009
Firstpage :
285
Lastpage :
292
Abstract :
Here we present the first empirical study of detecting and classifying fast flux service networks (FFSNs) in real time. FFSNs exploit a network of compromised machines (zombies) for illegal activities such as spam, phishing and malware delivery using DNS record manipulation techniques. Previous studies have focused on actively monitoring these activities over a large window (days, months) to detect such FFSNs and measure their footprint. In this paper, we present a fast flux monitor (FFM) that can detect and classify an FFSN in the order of minutes using both active and passive DNS monitoring, which complements long-term surveillance of FFSNs.
Keywords :
computer networks; invasive software; unsolicited e-mail; DNS record manipulation; compromised machines; fast flux monitor; fast flux service networks; illegal activities; malware; passive DNS monitoring; phishing; real-time detection; spam; Availability; Command and control systems; Computer crime; Computer security; IP networks; Monitoring; Network servers; Surveillance; Terrorism; Web server; Botnet; detection; mitigation;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology
Conference_Location :
Washington, DC
Print_ISBN :
978-0-7695-3568-5
Type :
conf
DOI :
10.1109/CATCH.2009.44
Filename :
4804457