Monitoring a Fast Flux botnet using recursive and passive DNS: A case study

Cited by: 0
Authors
Mahjoub, Dhia [1]
Affiliation
[1] OpenDNS, Umbrella Secur Labs, San Francisco, CA 94107 USA
Keywords
fast flux; botnet; Kelihos; real-time; passive DNS;
DOI
Not available
Chinese Library Classification
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Fast flux, an evasion technique that has been around for years, continues to be widely used by cybercriminals today. In this case study, we describe a real-time monitoring and detection system that leverages recursive and passive DNS to track the Kelihos fast flux botnet. We track how the botnet grows its population of infected hosts, and detect, in real-time, the newest Kelihos fast flux domains that are being hosted by the botnet. Our analysis will present results on various components and attributes of the infrastructure leveraged by the Kelihos fast flux botnet. These include: domain TLD distribution, botnet geo-distribution, botnet daily cycles, distribution of operating systems used by the botnet machines, daily-discovered fast flux domains, domain and IP lifetime distribution, as well as specific examples of usage that highlight malicious campaigns.
Pages: 9