PASSVM: A highly accurate fast flux detection system

Abstract

Fast Flux service networks (FFSNs) are used by adversaries to provide high availability to malicious servers while keeping them hidden from direct access. In these networks, a large number of botnet machines act as proxies that relay traffic between end users and a malicious mothership server controlled by the adversary. Various mechanisms have been proposed for detecting FFSNs; however, most of them depend on collecting a large amount of DNS traffic traces and require considerable time to identify fast flux domains. In this paper, we propose an efficient AI-based online fast flux detection system that performs highly accurate and extremely fast detection of fast flux domains. The proposed system, called PASSVM, is based on features associated with the DNS response messages of a given domain name. The approach relies on features stored in local databases, in addition to features extracted from the DNS response messages. The information in the databases is obtained from the Censys search engine and an IP geolocation service. PASSVM is evaluated using three types of supervised machine learning algorithms: Multilayer Perceptron (MLP), Radial Basis Function Network (RBF), and Support Vector Machines (SVM). Results show that SVM with an RBF kernel outperformed the other two methods, with an accuracy of 99.557% and a detection time of less than 18 ms.
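The pipeline the abstract sketches (features from a DNS response, enrichment from a local IP database, an RBF-kernel decision) as an added illustration that is not PASSVM's code: the feature list (TTL, A-record count, distinct ASNs, distinct countries), the lookup-table schema and the hand-placed prototypes standing in for trained support vectors are all assumptions; the paper's actual feature set and trained model are not on the page.

```python
"""Toy fast-flux scoring from one DNS response plus a local IP database."""
import math

# Constructed lookup table standing in for the Censys / IP-geolocation
# databases the paper describes (assumed schema, constructed sample values).
IP_DB = {
    "203.0.113.5":   {"asn": 64500, "country": "US"},
    "203.0.113.9":   {"asn": 64500, "country": "US"},
    "198.51.100.7":  {"asn": 64501, "country": "DE"},
    "198.51.100.21": {"asn": 64502, "country": "BR"},
    "192.0.2.33":    {"asn": 64503, "country": "IN"},
    "192.0.2.77":    {"asn": 64504, "country": "RU"},
}

def extract_features(ttl, a_records):
    """Assumed feature vector (classic fast-flux indicators, not the paper's exact
    list): log TTL, A-record count, distinct ASNs, distinct countries.
    An IP missing from the local database counts as its own ASN and country."""
    asns, countries = set(), set()
    for ip in a_records:
        rec = IP_DB.get(ip)
        asns.add(rec["asn"] if rec else ip)
        countries.add(rec["country"] if rec else ip)
    return [math.log1p(ttl), float(len(a_records)),
            float(len(asns)), float(len(countries))]

def rbf_kernel(x, y, gamma=0.5):
    """Gaussian (RBF) kernel exp(-gamma * ||x - y||^2)."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, y)))

# Constructed labeled prototypes standing in for support vectors learned from
# training data: -1 = benign responses, +1 = a fast-flux style response
# (short TTL, many A records spread over many ASNs and countries).
PROTOTYPES = [
    (extract_features(300, ["203.0.113.5", "203.0.113.9"]), -1),
    (extract_features(86400, ["203.0.113.5"]), -1),
    (extract_features(60, ["198.51.100.7", "198.51.100.21", "192.0.2.33",
                           "192.0.2.77", "203.0.113.5"]), +1),
]

def decision_value(features, gamma=0.5):
    """SVM-style decision function with uniform dual weights and zero bias (toy)."""
    return sum(label * rbf_kernel(features, sv, gamma) for sv, label in PROTOTYPES)

def classify(ttl, a_records):
    """Label one DNS response from its TTL and the A records it returned."""
    return "fast-flux" if decision_value(extract_features(ttl, a_records)) > 0 else "benign"
```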
