

Fast-flux service network detection based on spatial snapshot mechanism for delay-free detection

Capturing Fast-Flux Service Networks (FFSNs) by temporal variances is an intuitive way to identify rapid changes in DNS records. Unfortunately, features based on temporal variances lead to delayed detection (more than one hour) of FFSNs, which could cause more damage, such as botnet propagation and malware delivery. In this study, we propose a delay-free detection system, the Spatial Snapshot Fast-flux Detection system (SSFD), for identifying FFSNs in real time and alleviating this potential damage. SSFD is able to capture the geographical pattern of hosts as well as map the IP addresses in a DNS response into a geographic coordinate system to reveal FFSNs at that moment. The SSFD benefits from two novel spatial measures proposed in this study
Si-Yu Huang, Ching-Hao Mao, Hahn-Ming Lee
Added 08 Sep 2010
Updated 08 Sep 2010
Type Conference
Year 2010
Where CCS
Authors Si-Yu Huang, Ching-Hao Mao, Hahn-Ming Lee