Conferences in Research and Practice in Information Technology
  

Online Version - Last Updated - 20 Jan 2012

 

 

Detection of Fast Flux Service Networks

Campbell, S., Chan, S. and Lee, J.

Fast Flux Service Networks (FFSN) apply high availability server techniques to the business of malware distribution. FFSNs are similar to commercial content distribution networks (CDN), such as Akamai, in terms of size, scope, and business model, serving as an outsourced content delivery service for clients. Using an analysis of DNS traffic, we derive a sequential hypothesis-testing algorithm based entirely on traffic characteristics and dynamic whitelisting to provide real-time detection of FFSNs in live traffic. We improve on existing work, providing faster and more accurate detection of FFSNs. We also investigate a category of hosts not fully explored in previous detectors: Open Content Distribution Networks (OCDN), which share many of the characteristics of FFSNs.
Cite as: Campbell, S., Chan, S. and Lee, J. (2011). Detection of Fast Flux Service Networks. In Proc. Australasian Information Security Conference (AISC 2011) Perth, Australia. CRPIT, 116. Colin Boyd and Josef Pieprzyk Eds., ACS. 57-66