TITLE

Early Detection of Malicious Flux Networks via Large-Scale Passive DNS Traffic Analysis

AUTHOR(S)
Perdisci, Roberto; Corona, Igino; Giacinto, Giorgio
PUB. DATE
December 2012
SOURCE
IEEE Transactions on Dependable & Secure Computing;Dec2012, Vol. 9 Issue 5, p714
SOURCE TYPE
Academic Journal
DOC. TYPE
Article
ABSTRACT
In this paper, we present FluxBuster, a novel passive DNS traffic analysis system for detecting and tracking malicious flux networks. FluxBuster applies large-scale monitoring of DNS traffic traces generated by recursive DNS (RDNS) servers located in hundreds of different networks scattered across several different geographical locations. Unlike most previous work, our detection approach is not limited to the analysis of suspicious domain names extracted from spam emails or precompiled domain blacklists. Instead, FluxBuster is able to detect malicious flux service networks in the wild, i.e., as they are "accessed" by users who fall victim to malicious content, independently of how this malicious content was advertised. We performed a long-term evaluation of our system spanning a period of about five months. The experimental results show that FluxBuster is able to accurately detect malicious flux networks with a low false positive rate. Furthermore, we show that in many cases FluxBuster is able to detect malicious flux domains several days or even weeks before they appear in public domain blacklists.
ACCESSION #
78146519


Related Articles

  • Analyzing influence of network topology on designing ISP-operated CDN. Kamiyama, Noriaki; Mori, Tatsuya; Kawahara, Ryoichi; Harada, Shigeaki; Hasegawa, Haruhisa // Telecommunication Systems;Feb2013, Vol. 52 Issue 2, p969 

    The transmission bandwidth consumed by delivering rich content, such as movie files, is enormous, so it is urgent for ISPs to design an efficient delivery system minimizing the amount of network resources consumed. To serve users rich content economically and efficiently, an ISP itself should...

  • Peer To Peer Association in Content Distribution Network. Aruna, A.; Amrita, D. // International Journal of Advanced Research in Computer Science;Jan/Feb2014, Vol. 5 Issue 1, p145 

    The difficult issue of process and implementing an efficient law for load reconciliation in Content Delivery Networks (CDNs). We tend to base our proposal on a proper study of a CDN system, disbursed through the exploitation of a fluid flow model characterization of the network of SERVERS....

  • Classification of Malicious Domain Names using Support Vector Machine and Bi-gram Method. Davuth, Nhauo; Sung-Ryul Kim // International Journal of Security & Its Applications;Jan2013, Vol. 7 Issue 1, p51 

    Everyday there are millions of domains registered and some of them are related to malicious activities. Recently, domain names have been used to operate malicious networks such as botnet and other types of malicious software (malware). Studies have revealed that it was challenging to keep track...

  • BotCVD: Visual Analysis of DNS Traffic for Botnet Detection. Hongling Jiang; Yiwei Liu; Xiuli Shao // Advances in Information Sciences & Service Sciences;May2012, Vol. 4 Issue 8, p264 

    Botnets become one of the serious threats to the Internet. In this paper, we design a light-weighted approach-BotCVD (Bot Cluster Visual Detector) to detect botnet by visually analyzing DNS traffic. To avoid the confusion of the normal DNS traffic, BotCVD analyzes the features of server-host...

  • SIMULATION AND COMPARISON OF HASHING TECHNIQUES IN CDN DNS. KUMAR BHARDWAJ, SUSHIL; SINGH MALHOTRA, JAGJIT // International Journal of Engineering Science & Technology;2011, Vol. 3 Issue 4, p3039 

    Content Delivery Networks (CDNs) offer fast and reliable delivery of content to end user. It involves replication of content from the origin server to CDN surrogate severs, scattered over the globe. At present, Domain Name Server (DNS) based request routing is widely deployed in Internet. DNS...

  • DNS-AD Rescue. Rux, Eric B. // Windows IT Pro;Feb2007, Vol. 13 Issue 2, p27 

    The article suggests solutions to Domain Name Service (DNS)-Active Directory (AD) annoyances. Some of the AD and DNA problems include domain controllers did not point to a DNS server, AD DNS Resource Records were missing and DNS was not set to accept dynamic updates. It is recommended to have a...

  • Chasing the DNS Zone-Location Problem. GERBER, BOYD // Windows IT Pro;May2010, Vol. 16 Issue 5, p17 

    The article offers information how to avoid zone replication conflicts on Active Directory (AD)-integrated Domain Name System (DNS) servers on Windows Server 2003. The author discusses how a problem might occur when changes are made to the zone settings that affect the location of the DNS zones....

  • Secrets of Windows Server 2008. McCown, Sean // NetworkWorld Asia;Apr2008, Vol. 4 Issue 3, p26 

    The article offers information on the Windows Server 2008, popularly known by its codename Longhorn, from Microsoft Corp. It then discusses the impact Longhorn's final version to the user or to the organization. Accordingly, Windows Server 2008 is significant release for Microsoft and represents...

  • Nepenthes Honeypots Based Botnet Detection. Kumar, Sanjeev; Sehgal, Rakesh; Singh, Paramdeep; Chaudhary, Ankit // Journal of Advances in Information Technology;Nov2012, Vol. 3 Issue 4, p215 

    The numbers of the botnet attacks are increasing day by day and the detection of botnet spreading in the network has become very challenging. Bots are having specific characteristics in comparison of normal malware as they are controlled by the remote master server and usually don't show their...
