Detecting malicious fast flux domains

Mahmoud T. Qassrawi; Hongli Zhang

doi:10.4028/www.scientific.net/AMM.157-158.1264

Detecting malicious fast flux domains

Mahmoud T. Qassrawi^*
, Hongli Zhang

^*Corresponding author for this work

School of Computer Science and Technology, Harbin Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

Fast-flux service networks (FFSN) are new emerging phenomenon in the internet. Fast-flux networks use proxy networks of compromised machines to redirect and host scam service to achieve high availability. Such technique helps scam websites to avoid being traced and taken down by security professionals. In this paper, we use alternative decision tree algorithm to identify presence of fast-flux domains by analyzing only one address record (A-record) of DNS lookup, which achieves fast detection.

Original language	English
Title of host publication	Mechatronics and Applied Mechanics
Pages	1264-1273
Number of pages	10
DOIs	https://doi.org/10.4028/www.scientific.net/AMM.157-158.1264
State	Published - 2012
Externally published	Yes
Event	Mechatronics and Applied Mechanics - Hong Kong, Hong Kong Duration: 27 Dec 2011 → 28 Dec 2011

Publication series

Name	Applied Mechanics and Materials
Volume	157-158
ISSN (Print)	1660-9336
ISSN (Electronic)	1662-7482

Conference

Conference	Mechatronics and Applied Mechanics
Country/Territory	Hong Kong
City	Hong Kong
Period	27/12/11 → 28/12/11

Keywords

A record
Availability
DNS lookup
Fast flux

Access to Document

10.4028/www.scientific.net/AMM.157-158.1264

Cite this

@inproceedings{df54108360044e3d90442e700d19c0ea,

title = "Detecting malicious fast flux domains",

abstract = "Fast-flux service networks (FFSN) are new emerging phenomenon in the internet. Fast-flux networks use proxy networks of compromised machines to redirect and host scam service to achieve high availability. Such technique helps scam websites to avoid being traced and taken down by security professionals. In this paper, we use alternative decision tree algorithm to identify presence of fast-flux domains by analyzing only one address record (A-record) of DNS lookup, which achieves fast detection.",

keywords = "A record, Availability, DNS lookup, Fast flux",

author = "Qassrawi, \{Mahmoud T.\} and Hongli Zhang",

year = "2012",

doi = "10.4028/www.scientific.net/AMM.157-158.1264",

language = "英语",

isbn = "9783037853801",

series = "Applied Mechanics and Materials",

pages = "1264--1273",

booktitle = "Mechatronics and Applied Mechanics",

note = "Mechatronics and Applied Mechanics ; Conference date: 27-12-2011 Through 28-12-2011",

}

TY - GEN

T1 - Detecting malicious fast flux domains

AU - Qassrawi, Mahmoud T.

AU - Zhang, Hongli

PY - 2012

Y1 - 2012

N2 - Fast-flux service networks (FFSN) are new emerging phenomenon in the internet. Fast-flux networks use proxy networks of compromised machines to redirect and host scam service to achieve high availability. Such technique helps scam websites to avoid being traced and taken down by security professionals. In this paper, we use alternative decision tree algorithm to identify presence of fast-flux domains by analyzing only one address record (A-record) of DNS lookup, which achieves fast detection.

AB - Fast-flux service networks (FFSN) are new emerging phenomenon in the internet. Fast-flux networks use proxy networks of compromised machines to redirect and host scam service to achieve high availability. Such technique helps scam websites to avoid being traced and taken down by security professionals. In this paper, we use alternative decision tree algorithm to identify presence of fast-flux domains by analyzing only one address record (A-record) of DNS lookup, which achieves fast detection.

KW - A record

KW - Availability

KW - DNS lookup

KW - Fast flux

UR - https://www.scopus.com/pages/publications/84863242468

U2 - 10.4028/www.scientific.net/AMM.157-158.1264

DO - 10.4028/www.scientific.net/AMM.157-158.1264

M3 - 会议稿件

AN - SCOPUS:84863242468

SN - 9783037853801

T3 - Applied Mechanics and Materials

SP - 1264

EP - 1273

BT - Mechatronics and Applied Mechanics

T2 - Mechatronics and Applied Mechanics

Y2 - 27 December 2011 through 28 December 2011

ER -

Detecting malicious fast flux domains

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this