Fast Flux Watch: A mechanism for online detection of fast flux networks
Authors
Abstract
Fast flux networks are a special type of botnet used to provide highly available web services in front of a backend server, which usually hosts malicious content. Detecting fast flux networks remains challenging because their behavior resembles that of legitimate infrastructures such as CDNs and server farms. This paper proposes Fast Flux Watch (FF-Watch), a mechanism for online detection of fast flux agents. FF-Watch is envisioned as a software agent running at leaf routers that connect stub networks to the Internet. Its core mechanism relies on an inherent feature of fast flux networks: flux agents within stub networks relay client requests to the point-of-sale websites of spam campaigns. The main idea of FF-Watch is to correlate incoming TCP connection requests to flux agents within a stub network with outgoing TCP connection requests from the same agents to the point-of-sale website. Theoretical and traffic-trace-driven analysis shows that the proposed mechanism can be used to efficiently detect fast flux agents within a stub network.
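The correlation idea in the abstract, sketched as an added example (not FF-Watch's own code or algorithm as published): inbound TCP SYNs to an internal host are paired with outbound SYNs from the same host that follow within a short window, and a host is flagged when several distinct clients are relayed to one external destination. The record format, stub prefix, window and threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

INTERNAL_PREFIX = "192.0.2."   # assumed stub network behind the leaf router
WINDOW = 2.0                   # assumed max delay (s) between request and relay
MIN_RELAYED = 3                # assumed number of distinct clients before flagging

# Constructed TCP SYN records: (timestamp_seconds, source_ip, destination_ip)
SYNS = [
    # relay pattern: each inbound request is followed by an outbound connection
    (0.0, "198.51.100.10", "192.0.2.5"), (0.3, "192.0.2.5", "203.0.113.80"),
    (5.0, "198.51.100.11", "192.0.2.5"), (5.4, "192.0.2.5", "203.0.113.80"),
    (9.0, "198.51.100.12", "192.0.2.5"), (9.2, "192.0.2.5", "203.0.113.80"),
    # ordinary server: inbound requests only
    (1.0, "198.51.100.20", "192.0.2.9"), (6.0, "198.51.100.21", "192.0.2.9"),
    (7.0, "198.51.100.22", "192.0.2.9"),
    # ordinary client: outbound only
    (2.0, "192.0.2.7", "203.0.113.80"),
    # one coincidental in/out pair, below the threshold
    (3.0, "198.51.100.30", "192.0.2.8"), (3.5, "192.0.2.8", "203.0.113.99"),
]

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

def detect_relays(syns, window=WINDOW, min_relayed=MIN_RELAYED):
    """Return {(internal_host, external_dst): distinct relayed clients}."""
    pending = defaultdict(list)  # host -> unmatched inbound SYNs [(time, client)]
    relayed = defaultdict(set)   # (host, dst) -> clients paired with an outbound SYN
    for ts, src, dst in sorted(syns):
        if is_internal(dst) and not is_internal(src):
            pending[dst].append((ts, src))
        elif is_internal(src) and not is_internal(dst):
            # keep only inbound SYNs still inside the correlation window
            queue = [(t, c) for t, c in pending[src] if ts - t <= window]
            if queue:
                _, client = queue.pop(0)  # pair with the oldest waiting request
                relayed[(src, dst)].add(client)
            pending[src] = queue
    return {k: len(v) for k, v in relayed.items() if len(v) >= min_relayed}

if __name__ == "__main__":
    for (host, dst), n in detect_relays(SYNS).items():
        print(f"{host} relays {n} distinct clients to {dst}")
```
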
Similar resources
Measuring and Detecting Fast-Flux Service Networks
We present the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely known phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability. Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a ...
Fast Flux Service Networks: Dynamics and Roles in Hosting Online Scams
This paper studies the dynamics of fast flux service networks and their role in online scam hosting infrastructures. By monitoring changes in DNS records of over 350 distinct fast flux domains collected from URLs in 115,000 spam emails at a large spam sinkhole, we measure the rate of change of DNS records, accumulation of new distinct IPs in the hosting infrastructure, and location of change bo...
A Fast Approach to the Detection of All-Purpose Hubs in Complex Networks with Chemical Applications
A novel algorithm for the fast detection of hubs in chemical networks is presented. The algorithm identifies a set of nodes in the network as most significant, aimed to be the most effective points of distribution for fast, widespread coverage throughout the system. We show that our hubs have in general greater closeness centrality and betweenness centrality than vertices with maximal degree, w...
Fast thermodynamically constrained flux variability analysis
MOTIVATION Flux variability analysis (FVA) is an important tool to further analyse the results obtained by flux balance analysis (FBA) on genome-scale metabolic networks. For many constraint-based models, FVA identifies unboundedness of the optimal flux space. This reveals that optimal flux solutions with net flux through internal biochemical loops are feasible, which violates the second law of...
Nonlinear Model of Tape Wound Core Transformers
Recently, tape wound cores, due to their excellent magnetic properties, have been widely used in different types of transformers. Performance prediction of these transformers needs an accurate model with the ability to determine flux distribution within the core and magnetic loss. The spiral structure of tape wound cores affects the flux distribution and always complicates the analysis. In this paper, a...