Phishing Infrastructure Fluxes All the Way
September/October 2009 (vol. 7 no. 5)
pp. 21-28
D. Kevin McGrath, Indiana University, Bloomington
Andrew Kalafut, Indiana University, Bloomington
Minaxi Gupta, Indiana University, Bloomington
As take-down efforts intensify, Internet fraudsters are beginning to employ novel techniques to keep their campaigns afloat. One such technique, fast flux, provisions a fraudulent Web site's DNS records so that the site resolves to numerous, short-lived IP addresses. Although fast flux hurts take-down efforts, it's possible to detect and defend against it and its prevalence in phishing campaigns today.

Index Terms:
DNS, domain name system, phishing, fast flux, support vector machines, machine learning, measurement
Citation:
D. Kevin McGrath, Andrew Kalafut, Minaxi Gupta, "Phishing Infrastructure Fluxes All the Way," IEEE Security & Privacy, vol. 7, no. 5, pp. 21-28, Sept.-Oct. 2009, doi:10.1109/MSP.2009.130