Fast-flux Attack Network Identification Based on Agent Lifespan

Cited by: 10
Authors
Yu, Sheng [1]
Zhou, Shijie [1]
Wang, Sha [1]
Affiliations
[1] Univ Elect Sci & Technol China, Sch Comp Sci & Engn, Chengdu 610054, Peoples R China
Keywords
fast-flux service networks; fast-flux attack; fast-flux attack network; network security;
DOI
10.1109/WCINS.2010.5541861
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Fast-flux refers to rapidly changing the mapping between IP address and domain name. Although some benign uses of this technique are known, it has become a favorite tool for cyber criminals to launch collaborative attacks, such as phishing, pharming, and malware spreading. Because legal fast-flux networks and malicious ones share some features, such as short TTL and large IP pool, it is hard to distinguish them. In this paper we propose a novel way to deal with the fast-flux attack identification issue. We try to measure the service availability of the agents in the fast-flux network to identify the malicious fast-flux. This is the first time that researchers observe the fast-flux network in terms of service availability. We develop some metrics on the service availability, and the observation results show the metrics are useful.
Pages: 658 - 662
Page count: 5