• DocumentCode
    3456825
  • Title

    Detection of Fast-Flux Networks using various DNS feature sets

  • Author

    Celik, Z. Berkay ; Oktug, Sema

  • Author_Institution
    Dept. of Comput. Eng., Istanbul Tech. Univ., Istanbul, Turkey
  • fYear
    2013
  • fDate
    7-10 July 2013
  • Abstract
    In this work, we study the detection of Fast-Flux Service Networks (FFSNs) using DNS (Domain Name System) response packets. We have observed that current approaches do not employ a large combination of DNS features to feed into the proposed detection systems. The lack of features may lead to high false positive or false negative rates triggered by benign activities including Content Distribution Networks (CDNs). In this paper, we study recently proposed detection frameworks to construct a high-dimensional feature vector containing timing, network, spatial, domain name, and DNS response information. In the detection system, we strive to use features that are delay-free, and lightweight in terms of storage and computational cost. Feature sub-spaces are evaluated using a C4.5 decision tree classifier by excluding redundant features using the information gain of each feature with respect to each class. Our experiments reveal the performance of each feature subset type in terms of the classification accuracy. Moreover, we present the best feature subset for the discrimination of FFSNs recorded with the datasets we used.
  • Keywords
    Internet; computer network security; decision trees; C4.5 decision tree classifier; CDN; DNS feature sets; DNS response information; DNS response packet; FFSN; classification accuracy; computational cost; content distribution networks; delay-free features; detection framework; detection system; domain name system response packet; false negative rate; false positive rate; fast-flux networks detection; feature subset type; feature subspaces; high-dimensional feature vector; Accuracy; Complexity theory; Indexes; Timing; Fast-flux Service Networks (FFSNs); classification; feature selection; network security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computers and Communications (ISCC), 2013 IEEE Symposium on
  • Conference_Location
    Split
  • Type

    conf

  • DOI
    10.1109/ISCC.2013.6755058
  • Filename
    6755058