Measuring and Detecting Fast-Flux Service Networks

We present the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely known phenomenon on the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability. Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on an analysis of the principles of FFSNs, we develop a metric with which FFSNs can be effectively detected. In light of our detection technique, we also discuss possible mitigation strategies.
