
Hybrid Detection and Tracking of Fast-Flux Botnet on Domain Name System Traffic (cited by: 2)

Chinese title (translated): Hybrid Detection and Tracking of Fast-Flux Botnets Based on DNS Traffic (article in English)
Abstract: Fast-flux is a Domain Name System (DNS) technique used by botnets to organise compromised hosts into a high-availability, load-balancing network that is similar to Content Delivery Networks (CDNs). Fast-Flux Service Networks (FFSNs) are usually used as proxies of phishing websites and malwares, and hide upstream servers that host actual content. In this paper, by analysing recursive DNS traffic, we develop a fast-flux domain detection method which combines both real-time detection and long-term monitoring. Experimental results demonstrate that our solution can achieve significantly higher detection accuracy values than previous flux-score based algorithms, and is light-weight in terms of resource consumption. We evaluate the performance of the proposed fast-flux detection and tracking solution during a 180-day period of deployment on our university's DNS servers. Based on the tracking results, we successfully identify the changes in the distribution of FFSN and their roles in recent Internet attacks.
Source: China Communications (English edition), indexed in SCIE and CSCD, 2013, Issue 11, pp. 81-94 (14 pages)
Funding: supported by the National Basic Research Program of China (973 Program) under Grant No. 2013CB329603; Huawei Innovation Research Program; the Opening Project of Key Laboratory of Information Network Security of Ministry of Public Security under Grant No. C11608; the National Natural Science Foundation of China under Grant No. 61271220
Keywords: domain name system; botnet; fast-flux; dynamic detection; tracking solution; flux; traffic; DNS server; hybrid

References (18)

  • 1. The Honeynet Project. Know Your Enemy: Fast-Flux Service Networks[EB/OL]. [2011-2-15]. http://www.honeynet.org/papers/ff/.
  • 2. HOLZ T, GORECKI C, RIECK K, et al. Measuring and Detecting Fast-Flux Service Networks[C]// Proceedings of 15th Annual Network and Distributed System Security Symposium (NDSS): February 7-11, 2008. San Diego, CA, USA, 2008.
  • 3. NAZARIO J, HOLZ T. As the Net Churns: Fast-Flux Botnet Observations[C]// Proceedings of 3rd International Conference on Malicious and Unwanted Software 2008 (MALWARE 2008): October 7-8, 2008. Alexandria, VA, USA, 2008: 24-31.
  • 4. PASSERINI E, PALEARI R, MARTIGNONI L, et al. FluXOR: Detecting and Monitoring Fast-Flux Service Networks[C]// Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'08): July 10-11, 2008. Paris, France, 2008: 186-206.
  • 5. PERDISCI R, CORONA I, DAGON D, et al. Detecting Malicious Flux Service Networks Through Passive Analysis of Recursive DNS Traces[C]// Proceedings of 25th Annual Computer Conference Security Applications 2009 (ACSAC'09): December 7-11, 2009. Honolulu, HI, USA, 2009: 311-320.
  • 6. CAMPBELL S, CHAN S, LEE J. Detection of Fast Flux Service Networks[C]// Proceedings of Australasian Computer Science Week (ACSW 2011): January 17-20, 2011. Perth, Australia, 2011.
  • 7. HUANG S Y, MAO C H, LEE H M. Fast-Flux Service Network Detection Based on Spatial Snapshot Mechanism for Delay-Free Detection[C]// Proceedings of the 5th ACM Symposium on Information, Computer and Communication Security (ASIACCS'10): April 13-16, 2010. Beijing, China, 2010: 101-111.
  • 8. BILGE L, KIRDA E, KRUEGEL C, et al. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis[C]// Proceedings of 18th Annual Network and Distributed System Security Symposium: February 6-9, 2011. San Diego, CA, USA, 2011.
  • 9. HSU C H, HUANG C Y, CHEN K T. Fast-Flux Bot Detection in Real Time[C]// Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID'10): September 15-17, 2010. Ottawa, ON, Canada, 2010: 464-483.
  • 10. ZHOU C V, LECKIE C, KARUNASEKERA S. Collaborative Detection of Fast Flux Phishing Domains[J]. Journal of Networks, 2009, 4(1): 75-84.
