Conference For Homeland Security, Cybersecurity Applications & Technology (2009)
Mar. 3, 2009 to Mar. 4, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CATCH.2009.44
Here we present the first empirical study of detecting and classifying fast flux service networks (FFSNs) in real time. FFSNs exploit a network of compromised machines (zombies) for illegal activities such as spam, phishing and malware delivery using DNS record manipulation techniques. Previous studies have focused on actively monitoring these activities over a large window (days, months) to detect such FFSNs and measure their footprint. In this paper, we present a Fast Flux Monitor (FFM) that can detect and classify an FFSN on the order of minutes using both active and passive DNS monitoring, which complements long-term surveillance of FFSNs.
Botnet, detection, mitigation
Dustin Burke, Gerry Eaton, Alper Caglayan, Mike Toothaker, Dan Drapeau, "Real-Time Detection of Fast Flux Service Networks", Conference For Homeland Security, Cybersecurity Applications & Technology, pp. 285-292, 2009, doi:10.1109/CATCH.2009.44