Conference For Homeland Security, Cybersecurity Applications & Technology (2009)
Mar. 3, 2009 to Mar. 4, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CATCH.2009.44
Here we present the first empirical study of detecting and classifying fast flux service networks (FFSNs) in real time. FFSNs exploit a network of compromised machines (zombies) for illegal activities such as spam, phishing and malware delivery using DNS record manipulation techniques. Previous studies have focused on actively monitoring these activities over a large window (days, months) to detect such FFSNs and measure their footprint. In this paper, we present a Fast Flux Monitor (FFM) that can detect and classify an FFSN on the order of minutes using both active and passive DNS monitoring, which complements long-term surveillance of FFSNs.
Keywords: Botnet, detection, mitigation
D. Burke, G. Eaton, A. Caglayan, M. Toothaker and D. Drapeau, "Real-Time Detection of Fast Flux Service Networks," 2009 Cybersecurity Applications & Technology Conference for Homeland Security, CATCH 2009 (CATCH), Washington, DC, 2009, pp. 285-292.