Behavioral analysis of botnets for threat intelligence
Information Systems and e-Business Management
Fluxing botnet command and control channels with URL shortening services
Computer Communications
Detection of fast flux service networks
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
| Hi-index | 0.00 |
We present behavioral pattern analysis of fast flux service networks (FFSNs) using our database of FFSNs collected over a period of 12 months with our real-time fast flux network detection algorithm [1]. FFSNs exploit a network of compromised machines (zombies) for illegal activities such as spam campaigns, phishing scams and malware delivery using DNS record manipulation techniques. Our results, which build upon our analysis results [2], show that such networks share common lifecycle characteristics, and form clusters based on size, growth and type of malicious behavior. In particular, we introduce a social network connectivity metric, and show that (Command and Control and phishing), (malware and spam botnets) have similar scores with this metric.