Formulistic Detection of Malicious Fast-Flux Domains

Botnets are behind many of today's harmful network attacks. An attacker may implant malware into victim machines using a botnet and, furthermore, employ fast-flux domain technology to extend the lifetime of the botnet. To circumvent detection of the command and control server, a set of bots is selected to redirect the malicious communication, hiding botnet traffic within normal user traffic. Because fast-flux domains change so dynamically, a blacklist mechanism is not effective at preventing fast-flux botnet attacks, and examining the legitimacy of the domain of every network connection would be time consuming. Therefore, a lightweight detection of malicious fast-flux domains is desired. Based on the time-space behavior of malicious fast-flux domains, this study formulates the network behavior of domains to reduce the time complexity of feature modeling. According to the experimental results, the malicious fast-flux domains collected from real networks are identified efficiently and the proposed solution outperforms the blacklists.
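
The abstract describes scoring a domain from the time-space behavior of its resolutions rather than consulting a blacklist. The following is an added illustration of that idea, not the paper's own formula or code: it takes repeated DNS snapshots of a domain and derives how many distinct hosts and networks answer for it, how low the TTL is, and how quickly the answer set churns between lookups. The feature set, the `/16` network grouping, the weights in `flux_score` and the `0.5` threshold are all assumptions chosen for the example, and the snapshot data is constructed, not observed.

```python
"""Toy fast-flux domain scorer over repeated DNS A-record snapshots.

Added illustration (not the paper's method): the features and weights
below are assumptions chosen to show the idea of scoring a domain from
the time-space behaviour of its resolutions, i.e. how many distinct
hosts and networks answer for it and how quickly the answer set churns.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List, Set


@dataclass
class Snapshot:
    """One DNS lookup of the domain: capture time (s), TTL (s), resolved IPs."""
    t: int
    ttl: int
    ips: Set[str]


def network_prefix(ip: str, bits: int = 16) -> str:
    """Collapse an address to its /bits network, a crude proxy for 'different ISP'."""
    return str(ip_network(f"{ip}/{bits}", strict=False))


def jaccard_distance(a: Set[str], b: Set[str]) -> float:
    """1 - |a&b|/|a|b|; 0 when the two answer sets are identical."""
    union = a | b
    if not union:
        return 0.0
    return 1.0 - len(a & b) / len(union)


def flux_features(snapshots: List[Snapshot]) -> Dict[str, float]:
    """Time-space features of a domain's resolution history."""
    if not snapshots:
        raise ValueError("need at least one snapshot")
    ordered = sorted(snapshots, key=lambda s: s.t)
    all_ips: Set[str] = set().union(*(s.ips for s in ordered))
    # Churn: mean Jaccard distance between consecutive answer sets
    # (defined as 0 when there is only one snapshot to look at).
    pairs = list(zip(ordered, ordered[1:]))
    churn = (sum(jaccard_distance(a.ips, b.ips) for a, b in pairs) / len(pairs)
             if pairs else 0.0)
    return {
        "distinct_ips": len(all_ips),
        "distinct_networks": len({network_prefix(ip) for ip in all_ips}),
        "min_ttl": min(s.ttl for s in ordered),
        "churn": churn,
    }


def flux_score(features: Dict[str, float]) -> float:
    """Weighted score in [0, 1]. Weights and caps are assumptions for illustration."""
    network_term = min(features["distinct_networks"] / 5.0, 1.0)  # saturate at 5 networks
    ttl_term = 1.0 if features["min_ttl"] <= 300 else 0.0        # short TTL enables fast rotation
    return 0.4 * features["churn"] + 0.3 * network_term + 0.3 * ttl_term


def is_fast_flux(snapshots: List[Snapshot], threshold: float = 0.5) -> bool:
    """Flag the domain when its score crosses the (assumed) threshold."""
    return flux_score(flux_features(snapshots)) >= threshold


# Constructed sample data (not real observations): a stable domain that
# always answers with the same two hosts in one network, and a fluxing
# domain whose answer set is almost entirely replaced at every lookup.
STABLE_DOMAIN = [
    Snapshot(0, 3600, {"198.51.100.10", "198.51.100.11"}),
    Snapshot(600, 3600, {"198.51.100.10", "198.51.100.11"}),
    Snapshot(1200, 3600, {"198.51.100.10", "198.51.100.11"}),
]
FLUX_DOMAIN = [
    Snapshot(0, 300, {"10.1.0.5", "10.2.0.6", "10.3.0.7"}),
    Snapshot(300, 300, {"10.4.0.8", "10.2.0.6", "10.5.0.9"}),
    Snapshot(600, 300, {"10.6.0.1", "10.7.0.2", "10.8.0.3"}),
]

if __name__ == "__main__":
    for name, snaps in (("stable", STABLE_DOMAIN), ("flux", FLUX_DOMAIN)):
        feats = flux_features(snaps)
        print(name, feats, round(flux_score(feats), 2), is_fast_flux(snaps))
```

With the constructed data the stable domain scores 0.06 and the fluxing one 0.96. The point of the structure is that every feature is computed from a handful of resolutions already passing through a resolver, so the check stays lightweight; a real deployment would calibrate the weights and threshold against labelled traffic and would have to account for legitimate round-robin or CDN domains, which also rotate addresses but typically within a few well-known networks and with longer TTLs.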
