Formulistic detection of malicious fast-flux domains

Chia Mei Chen, Sheng-Tzong Cheng, Ju Hsien Chou, Ya Hui Ou

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Botnets are responsible for harmful network attacks nowadays. A lawbreaker may implant malware into victim machines using botnets and, furthermore, employ fast-flux domain technology to extend the lifetime of the botnets. To circumvent detection of the command and control server, a set of bots is selected to redirect malicious communication and hide botnet communication within normal user traffic. Because of the dynamics of fast-flux domains, a blacklist mechanism is not efficient at preventing fast-flux botnet attacks. It would be time-consuming to examine the legitimacy of the domain of every network connection. Therefore, a lightweight detection of malicious fast-flux domains is desired. Based on the time-space behavior of malicious fast-flux domains, the network behavior of domains is formulated in this study to reduce the time complexity of feature modeling. According to the experimental results, the malicious fast-flux domains collected from real networks are identified efficiently, and the proposed solution outperforms the blacklists.

Original language: English
Title of host publication: Proceedings - 2012 5th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2012
Pages: 72-79
Number of pages: 8
Publication status: Published - 2012 Dec 1
Event: 2012 5th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2012 - Taipei, Taiwan
Duration: 2012 Dec 17 to 2012 Dec 20

Publication series

Name: Proceedings - International Symposium on Parallel Architectures, Algorithms and Programming, PAAP
ISSN (Print): 2168-3034
ISSN (Electronic): 2168-3042

Other

Other: 2012 5th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2012
Country: Taiwan
City: Taipei
Period: 12-12-17 to 12-12-20

All Science Journal Classification (ASJC) codes

  • Computational Theory and Mathematics
  • Hardware and Architecture
