Issue No.05 - September/October (2009 vol.7)
pp: 21-28
D. Kevin McGrath, Indiana University, Bloomington
Andrew Kalafut, Indiana University, Bloomington
Minaxi Gupta, Indiana University, Bloomington
As take-down efforts intensify, Internet fraudsters are beginning to employ novel techniques to keep their campaigns afloat. Fast flux is one such technique: it provisions a fraudulent Web site's DNS records so that the site resolves to numerous, short-lived IP addresses. Although fast flux hurts take-down efforts, it's possible to detect and defend against it and its prevalence in phishing campaigns today.
DNS, domain name system, phishing, fast flux, support vector machines, machine learning, measurement
D. Kevin McGrath, Andrew Kalafut, Minaxi Gupta, "Phishing Infrastructure Fluxes All the Way", IEEE Security & Privacy, vol.7, no. 5, pp. 21-28, September/October 2009, doi:10.1109/MSP.2009.130