Sciweavers

DIMVA
2008

FluXOR: Detecting and Monitoring Fast-Flux Service Networks

14 years 1 months ago
FluXOR: Detecting and Monitoring Fast-Flux Service Networks
Botnets are large groups of compromised machines (bots) used by miscreants for the most illegal activities (e.g., sending spam emails, denial-of-service attacks, phishing and other web scams). To protect the identity and to maximise the availability of the core components of their business, miscreants have recently started to use fast-flux service networks, large groups of bots acting as front-end proxies to these components. Motivated by the conviction that prompt detection and monitoring of these networks is an essential step to contrast the problem posed by botnets, we have developed FluXOR, a system to detect and monitor fast-flux service networks. FluXOR monitoring and detection strategies entirely rely on the analysis of a set of features observable from the point of view of a victim of the scams perpetrated thorough botnets. We have been using FluXOR for about a month and so far we have detected 387 fast-flux service networks, totally composed by 31998 distinct compromised machi...
Emanuele Passerini, Roberto Paleari, Lorenzo Marti
Added 29 Oct 2010
Updated 29 Oct 2010
Type Conference
Year 2008
Where DIMVA
Authors Emanuele Passerini, Roberto Paleari, Lorenzo Martignoni, Danilo Bruschi
Comments (0)