Monitoring a Fast Flux botnet using recursive and passive DNS: A case study

Cited by: 0
Author
Mahjoub, Dhia [1]
Affiliation
[1] OpenDNS, Umbrella Secur Labs, San Francisco, CA 94107 USA
Keywords
fast flux; botnet; Kelihos; real-time; passive DNS;
DOI
Not available
Chinese Library Classification (CLC) number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Fast flux, an evasion technique that has been around for years, continues to be widely used by cybercriminals today. In this case study, we describe a real-time monitoring and detection system that leverages recursive and passive DNS to track the Kelihos fast flux botnet. We track how the botnet grows its population of infected hosts, and detect, in real-time, the newest Kelihos fast flux domains that are being hosted by the botnet. Our analysis will present results on various components and attributes of the infrastructure leveraged by the Kelihos fast flux botnet. These include: domain TLD distribution, botnet geo-distribution, botnet daily cycles, distribution of operating systems used by the botnet machines, daily-discovered fast flux domains, domain and IP lifetime distribution, as well as specific examples of usage that highlight malicious campaigns.
Pages: 9
Related papers
50 in total
  • [21] Monitoring and flux determination of trace metals in rivers of the Seversky Donets basin (Ukraine) using DGT passive samplers
    Yuliya Vystavna
    Frédéric Huneau
    Mikael Motelica-Heino
    Philippe Le Coustumer
    Yuri Vergeles
    Felix Stolberg
    Environmental Earth Sciences, 2012, 65 : 1715 - 1725
  • [22] Monitoring and flux determination of trace metals in rivers of the Seversky Donets basin (Ukraine) using DGT passive samplers
    Vystavna, Yuliya
    Huneau, Frederic
    Motelica-Heino, Mikael
    Le Coustumer, Philippe
    Vergeles, Yuri
    Stolberg, Felix
    ENVIRONMENTAL EARTH SCIENCES, 2012, 65 (06) : 1715 - 1725
  • [23] A case study of statistical downscaling in Australia using weather classification by recursive partitioning
    Schnur, R
    Lettenmaier, DP
    JOURNAL OF HYDROLOGY, 1998, 212 (1-4) : 362 - 379
  • [24] Passive Monitoring using a Combination of Focused and Phased Array Radiometry: a Simulation Study
    Farantatos, Panagiotis
    Karanasiou, Irene S.
    Uzunoglu, Nikolaos
    2011 ANNUAL INTERNATIONAL CONFERENCE OF THE IEEE ENGINEERING IN MEDICINE AND BIOLOGY SOCIETY (EMBC), 2011, : 501 - 504
  • [25] Analytical approaches for evaluating passive acoustic monitoring data: A case study of avian vocalizations
    Symes, Laurel B.
    Kittelberger, Kyle D.
    Stone, Sophia M.
    Holmes, Richard T.
    Jones, Jessica S.
    Castaneda Ruvalcaba, Itzel P.
    Webster, Michael S.
    Ayres, Matthew P.
    ECOLOGY AND EVOLUTION, 2022, 12 (04):
  • [26] Monitoring the Bubble Flux of a Shallow-Water Seep Using Passive Acoustics with Allowance for the Effect of the Type of Underlying Surface
    Ivanova I.N.
    Budnikov A.A.
    Malakhova T.V.
    Grishanina N.A.
    Dyemin I.D.
    Bulletin of the Russian Academy of Sciences: Physics, 2022, 86 (02): : 190 - 193
  • [27] Monitoring thermal anomaly and radiative heat flux using thermal infrared satellite imagery - A case study at Tuzla geothermal region
    Sekertekin, Aliihsan
    Arslan, Niyazi
    GEOTHERMICS, 2019, 78 : 243 - 254
  • [28] A Case Study of Bearing Condition Monitoring Using SPM
    Yang, Ruifeng
    Kang, Jianshe
    Zhao, Jinsong
    Li, Jie
    Li, Haiping
    PROCEEDINGS OF 2014 PROGNOSTICS AND SYSTEM HEALTH MANAGEMENT CONFERENCE (PHM-2014 HUNAN), 2014, : 695 - 698
  • [29] Drying dairy manure using a passive solar still: A case study
    Nicholas, Hannah Larissa
    Mabbett, Ian
    ENERGY NEXUS, 2023, 10
  • [30] Flood Monitoring Using Enhanced Resolution Passive Microwave Data: A Test Case over Bangladesh
    Colosio, Paolo
    Tedesco, Marco
    Tellman, Elizabeth
    REMOTE SENSING, 2022, 14 (05)