Fast-flux attack network identification based on agent lifespan
Fast-flux refers to rapidly changing the mapping between IP address and domain name. Although some benign uses of this technique are known, it has become a favorite tool for cyber criminals to launch collaborative attacks, such as phishing, pharming, and malware spreading. Because legal fast-flux networks and malicious ones share some features, such as short TTL and a large IP pool, it is hard to distinguish them. In this paper we propose a novel way to deal with the fast-flux attack identification issue. We try to measure the service availability of the agents in the fast-flux network to identify malicious fast-flux. This is the first time that researchers have observed the fast-flux network in terms of service availability. We develop some metrics on service availability, and the observation results show that the metrics are useful.