Detecting Malicious Fast Flux Domains

Abstract:

Fast-flux service networks (FFSNs) are an emerging phenomenon on the Internet. Fast-flux networks use proxy networks of compromised machines to redirect to and host scam services in order to achieve high availability. This technique helps scam websites avoid being traced and taken down by security professionals. In this paper, we use an alternative decision tree algorithm to identify the presence of fast-flux domains by analyzing only one address record (A-record) of a DNS lookup, which achieves fast detection.

Pages: 1264-1273

Online since: February 2012

Copyright: © 2012 Trans Tech Publications Ltd. All Rights Reserved
