FluXOR: Detecting and Monitoring Fast-Flux Service Networks
Authors
Abstract
Botnets are large groups of compromised machines (bots) used by miscreants for the most illegal activities (e.g., sending spam emails, denial-of-service attacks, phishing and other web scams). To protect the identity and to maximise the availability of the core components of their business, miscreants have recently started to use fast-flux service networks, large groups of bots acting as front-end proxies to these components. Motivated by the conviction that prompt detection and monitoring of these networks is an essential step to counter the problem posed by botnets, we have developed FluXOR, a system to detect and monitor fast-flux service networks. FluXOR's monitoring and detection strategies rely entirely on the analysis of a set of features observable from the point of view of a victim of the scams perpetrated through botnets. We have been using FluXOR for about a month and so far we have detected 387 fast-flux service networks, composed in total of 31998 distinct compromised machines, which we believe to be associated with 16 botnets.
Similar sources
Detecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
Measuring and Detecting Fast-Flux Service Networks
We present the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely known phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability. Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a ...
Fast Flux Service Networks: Dynamics and Roles in Hosting Online Scams
This paper studies the dynamics of fast flux service networks and their role in online scam hosting infrastructures. By monitoring changes in DNS records of over 350 distinct fast flux domains collected from URLs in 115,000 spam emails at a large spam sinkhole, we measure the rate of change of DNS records, accumulation of new distinct IPs in the hosting infrastructure, and location of change bo...
Online Monitoring and Fault Diagnosis of Multivariate-attribute Process Mean Using Neural Networks and Discriminant Analysis Technique
In some statistical process control applications, the process data are not Normally distributed and characterized by the combination of both variable and attributes quality characteristics. Despite different methods which are proposed separately for monitoring multivariate and multi-attribute processes, only few methods are available in the literature for monitoring multivariate-attribute proce...
Unsupervised, low latency anomaly detection of algorithmically generated domain names by generative probabilistic modeling
We propose a method for detecting anomalous domain names, with focus on algorithmically generated domain names which are frequently associated with malicious activities such as fast flux service networks, particularly for bot networks (or botnets), malware, and phishing. Our method is based on learning a (null hypothesis) probability model based on a large set of domain names that have been whi...