Early detection of malicious Flux networks via large-scale passive DNS traffic analysis

IEEE Transactions on Dependable and Secure Computing

Volumn 9, Issue 5, 2012, Pages 714-726

  Perdisci, Roberto ^a   Corona, Igino ^b   Giacinto, Giorgio ^b  

^a UNIVERSITY OF GEORGIA   (United States)

^b UNIVERSITY OF CAGLIARI   (Italy)

Author keywords

classification; clustering; DNS; Flux networks; Internet security; passive traffic analysis

Indexed keywords

CLASSIFICATION (OF INFORMATION); NETWORK SECURITY;

CLUSTERING; FALSE POSITIVE RATES; FLUX NETWORK; GEOGRAPHICAL LOCATIONS; INTERNET SECURITY; LARGE-SCALE MONITORING; LONG-TERM EVALUATION; TRAFFIC ANALYSIS;

INTERNET PROTOCOLS;

EID: 84864753059     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2012.35     Document Type: Article

References (20)

1. SSAC, "SAC 025 -SSAC Advisory on Fast Flux Hosting and DNS," http://www.icann.org/en/committees/security/sac025. pdf, 2008.
2. The Honeynet Project,Know Your Enemy: Fast-Flux Service Networks, http://old.honeynet.org/papers/ff/fast-flux.html,2007.
3. T. Holz, C. Gorecki, K. Rieck, and F. Freiling, "Measuring and Detecting Fast-Flux Service Networks," Proc. Network and Distributed System Security Symp. (NDSS '08), 2008.
4. E. Passerini, R. Paleari, L. Martignoni, and D. Bruschi, "Fluxor: Detecting and Monitoring Fast-Flux Service Networks," Proc. Fifth Int'l Conf. Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA '08), 2008.
5. J. Nazario and T. Holz, "As the Net Churns: Fast-Flux Botnet Observations," Proc. Third Int'l Conf. Malicious and Unwanted Software (MALWARE '08), 2008.
6. M. Konte, N. Feamster, and J. Jung, "Dynamics of Online Scam Hosting Infrastructure," Proc. Passive and Active Measurement Conf. (PAM '09), 2009.
7. R. Perdisci, I. Corona, D. Dagon, and W. Lee, "Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces," Proc. Ann. Computer Security Applications Conf. (ACSAC), 2009.
8. ISC Security Information Exchange, https://sie.isc.org,, 2012.
9. X. Hu, M. Knysz, and K.G. Shin, "RB-Seeker: Auto-Detection of Redirection Botnets," Proc. Ann. Network and Distributed System Security Symp. (NDSS), 2009.
10. C.-H. Hsu, C.-Y. Huang, and K.-T. Chen, "Fast-Flux Bot Detection in Real Time," Proc. 13th Int'l Conf. Recent Advances in Intrusion Detection (RAID '10), 2010.
11. M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster, "Building a Dynamic Reputation System for dns," Proc. 19th USENIX Conf. Security, 2010.
12. L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi, "Building a Dynamic Reputation System for DNS," Proc. 18th Ann. Network and Distributed System Security Symp. (NDSS), 2011.
13. M. Antonakakis, R. Perdisci, W. Lee, N. Vasiloglou, and D. Dagon, "Detecting Malware Domains at the Upper DNS Hierarchy," Proc. 20th USENIX Conf. Security, 2011.
14. A.K. Jain and R.C. Dubes, Algorithms for Clustering Data. Prentice-Hall, Inc., 1988.
15. A.K. Jain, M.N. Murty, and P.J. Flynn, "Data Clustering: A Review," ACM Computing Surveys, vol. 31, no. 3, pp. 264-323, 1999.
16. R. Dugad and N. Ahuja, "Unsupervised Multidimensional Hierarchical Clustering," Proc. IEEE Int'l Conf. Acoustics, Speech and Signal Processing, 1998.
17. J.R. Quinlan, C4.5: Programs for Machine Learning.,Morgan Kaufmann Publishers,1993.
18. Zeus Tracker,https://zeustracker.abuse.ch/,2012.
19. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna, "Your Botnet is My Botnet: Analysis of a Botnet Takeover," Proc. ACM Conf. Computer and Comm. Security, 2009.
20. M. Knysz, X. Hu, and K.G. Shin, "Good Guys vs. Bot Guise: Mimicry Attacks against Fast-Flux Detection Systems," Proc. IEEE INFOCOM, 2011.