Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security 2010
DOI: 10.1145/1755688.1755702
Fast-flux service network detection based on spatial snapshot mechanism for delay-free detection

Abstract: Capturing Fast-Flux Service Networks (FFSNs) through temporal variance is an intuitive way of identifying rapid changes in DNS records. Unfortunately, features based on temporal variance lead to delayed detection (more than one hour) of an FFSN, which can cause further damage such as botnet propagation and malware delivery. In this study, we propose a delay-free detection system, the Spatial Snapshot Fast-flux Detection system (SSFD), for identifying FFSNs in real time and alleviating these potenti…

Cited by 30 publications (35 citation statements)
References 8 publications
“…Researches [6], [8], [10]–[12] inspected fast-flux domains based on information collected and stored in a database. Referencing a database required a certain amount of storage for processing, and the information should be up-to-date or the detection rate might be affected.…”
Section: The Distribution Of Flux Agents [2] [4]
“…FluxOR [4] identified malicious fast-flux domains by three categories (domain name, the availability of the network, and the heterogeneity of agents) and nine features of DNS/IP information. Huang [6] applied IP addresses to find the actual geographical coordinate distribution to determine the malicious fast-flux domain. Hsu [7] considered the stability of transmission latency time, as C&C flux agents may have variant network bandwidth and dynamic response time.…”
Section: Introduction
“…RELATED WORK. Recently, a number of techniques have been proposed to effectively detect FF domains [2], [8], [3], [9], [4]. They started with collecting DNS queries for a large number of suspicious domains through either active or passive monitoring, over time periods ranging from 1 or 2 TTLs to weeks.…”
Section: Empirical Observations
“…They started with collecting DNS queries for a large number of suspicious domains through either active or passive monitoring, over time periods ranging from 1 or 2 TTLs to weeks. From these traces, they extracted similar sets of DNS features that can be used to characterize FF domains, for instance, the number of unique IPs, ASes, TLDs and the spatial distribution [4] of IPs (similar to the number of ASes, the spatial distribution feature captures the dispersive nature of FF botnet IPs). Classification algorithms, such as support vector machines (SVM) [2], decision trees [8] and Bayesian networks [4], were applied to the extracted features, determining whether each domain is an FF domain.…”
Section: Empirical Observations