Phishing Infrastructure Fluxes All the Way

Security&Privacy
2009
Issue No. 5 - September/October
Abstract - Phishing Infrastructure Fluxes All the Way

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by D. Kevin McGrath Articles by Andrew Kalafut Articles by Minaxi Gupta

September/October 2009 (vol. 7 no. 5)

pp. 21-28

	ASCII Text	x
	D. Kevin McGrath, Andrew Kalafut, Minaxi Gupta, "Phishing Infrastructure Fluxes All the Way," IEEE Security and Privacy, vol. 7, no. 5, pp. 21-28, September/October, 2009.

	BibTex	x
	@article{ 10.1109/MSP.2009.130, author = {D. Kevin McGrath and Andrew Kalafut and Minaxi Gupta}, title = {Phishing Infrastructure Fluxes All the Way}, journal ={IEEE Security and Privacy}, volume = {7}, number = {5}, issn = {1540-7993}, year = {2009}, pages = {21-28}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2009.130}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security and Privacy TI - Phishing Infrastructure Fluxes All the Way IS - 5 SN - 1540-7993 SP21 EP28 EPD - 21-28 A1 - D. Kevin McGrath, A1 - Andrew Kalafut, A1 - Minaxi Gupta, PY - 2009 KW - DNS KW - domain name system KW - phishing KW - fast flux KW - support vector machines KW - machine learning KW - measurement VL - 7 JA - IEEE Security and Privacy ER -

D. Kevin McGrath, Indiana University, Bloomington

Andrew Kalafut, Indiana University, Bloomington

Minaxi Gupta, Indiana University, Bloomington

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.130

As take-down efforts intensify, Internet fraudsters are beginning to employ novel techniques to keep their campaigns afloat. Fast flux aims to keep fraud campaigns afloat by provisioning a fraudulent Web site's DNS records to make the site resolve to numerous, short-lived IP addresses. Although fast flux hurts take-down efforts, it's possible to detect and defend against it and its prevalence in phishing campaigns today.

1. The Honeynet Project, Know Your Enemy: Fast-Flux Service Networks, July 2007, www.honeynet.org/papers/ff.
2. T. Holz et al., "Measuring and Detecting Fast-Flux Service Networks," Proc. 16th Network and Distributed System Security Symp. (NDSS), The Internet Society, 2008, www.isoc.org/isoc/conferences/ndss/08/papers/16_measuring_and_detecting.pdf.
3. A. Kalafut, C. Shue, and M. Gupta, "Understanding Implications of DNS Zone Provisioning," Proc. 8th ACM Sigcomm Internet Measurement Conf. (IMC), ACM Press, 2008, pp. 211–216.
4. J. Nazario and T. Holz, "As the Net Churns: Fast-Flux Botnet Observations," Proc. Int'l Conf. Malicious and Unwanted Software (Malware), IEEE Press, 2008, pp. 24–31.
5. A. Caglayan et al., "Real-Time Detection of Fast-Flux Service Networks," Proc. Cybersecurity Applications and Technologies Conf. for Homeland Security (CATCH), IEEE CS Press, 2008, pp. 285–292.
6. J. Bambenek, "Double Flux Defense in the DNS Protocol," IETF Internet draft, work in progress, Nov. 2008.

Index Terms:

DNS, domain name system, phishing, fast flux, support vector machines, machine learning, measurement

Citation:

D. Kevin McGrath, Andrew Kalafut, Minaxi Gupta, "Phishing Infrastructure Fluxes All the Way," IEEE Security and Privacy, vol. 7, no. 5, pp. 21-28, Sep./Oct. 2009, doi:10.1109/MSP.2009.130

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.