Machine Learning - Special issue on applications of machine learning and the knowledge discovery process
Tackling Real-Coded Genetic Algorithms: Operators and Tools for Behavioural Analysis
Artificial Intelligence Review
On the use and performance of content distribution networks
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Measurement and analysis of spyware in a university environment
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
The Zombie roundup: understanding, detecting, and disrupting botnets
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet Workshop
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
FluXOR: Detecting and Monitoring Fast-Flux Service Networks
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Real-Time Detection of Fast Flux Service Networks
CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
Your botnet is my botnet: analysis of a botnet takeover
Proceedings of the 16th ACM conference on Computer and communications security
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Fast-flux service network detection based on spatial snapshot mechanism for delay-free detection
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Learning more about the underground economy: a case-study of keyloggers and dropzones
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Fast-flux bot detection in real time
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A fuzzy pattern-based filtering algorithm for botnet detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Evolutionary computation: comments on the history and current state
IEEE Transactions on Evolutionary Computation
Gradual distributed real-coded genetic algorithms
IEEE Transactions on Evolutionary Computation
Bayesian Neural Networks for Internet Traffic Classification
IEEE Transactions on Neural Networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
A new DNS technique called Fast-Flux Service Network (FFSN) has been employed by bot herders to hide malicious activities and extend the lifetime of malicious root servers. Although various methods have been proposed for detecting FFSNs, these mechanisms have low detection accuracy and protracted detection time. This study presents a novel detection scheme, designated as the Genetic-based ReAl-time DEtection (GRADE) system, to identify FFSNs in real time. GRADE differentiates between FFSNs and benign services by employing two new characteristics: the entropy of domains of preceding nodes for all A records and the standard deviation of round-trip time to all A records. By applying genetic algorithms, GRADE is able to find the best strategy to detect current FFSN trends. Empirical results show that GRADE has very high detection accuracy (~98%) and gives results within a few seconds. It provides considerable improvement over existing reference schemes such as Flux-Score [8], SSFD [13], and FFSD [14].