Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Distributed Evasive Scan Techniques and Countermeasures
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
FluXOR: Detecting and Monitoring Fast-Flux Service Networks
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Real-Time Detection of Fast Flux Service Networks
CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
Phishing Infrastructure Fluxes All the Way
IEEE Security and Privacy
Behavioral Patterns of Fast Flux Service Networks
HICSS '10 Proceedings of the 2010 43rd Hawaii International Conference on System Sciences
Phishnet: predictive blacklisting to detect phishing attacks
INFOCOM'10 Proceedings of the 29th conference on Information communications
| Hi-index | 0.00 |
Fast Flux Service Networks (FFSN) apply high availability server techniques to the business of malware distribution. FFSNs are similar to commercial content distribution networks (CDN), such as Akamai, in terms of size, scope, and business model, serving as an outsourced content delivery service for clients. Using an analysis of DNS traffic, we derive a sequential hypothesis-testing algorithm based entirely on traffic characteristics and dynamic white listing to provide real time detection of FFSNs in live traffic. We improve on existing work, providing faster and more accurate detection of FFSNs. We also investigate a category of hosts not fully explored in previous detectors - Open Content Distribution Networks (OCDN) that share many of the characteristics of FFSNs.