TY - GEN
T1 - Formulistic detection of malicious fast-flux domains
AU - Chen, Chia Mei
AU - Cheng, Sheng-Tzong
AU - Chou, Ju Hsien
AU - Ou, Ya Hui
PY - 2012/12/1
Y1 - 2012/12/1
N2 - Botnets create harmful network attacks nowadays. A lawbreaker may implant malware into victim machines using botnets and, furthermore, employ fast-flux domain technology to extend the lifetime of the botnet. To circumvent detection of the command and control server, a set of bots is selected to redirect malicious communication and hide botnet communication within normal user traffic. Because of the dynamics of fast-flux domains, a blacklist mechanism is not efficient at preventing fast-flux botnet attacks. It would be time consuming to examine the legitimacy of the domain of every network connection. Therefore, a lightweight detection of malicious fast-flux domains is desired. Based on the time-space behavior of malicious fast-flux domains, the network behavior of domains is expressed as formulas in this study to reduce the time complexity of feature modeling. According to the experimental results, the malicious fast-flux domains collected from real networks are identified efficiently and the proposed solution outperforms the blacklists.
AB - Botnets create harmful network attacks nowadays. A lawbreaker may implant malware into victim machines using botnets and, furthermore, employ fast-flux domain technology to extend the lifetime of the botnet. To circumvent detection of the command and control server, a set of bots is selected to redirect malicious communication and hide botnet communication within normal user traffic. Because of the dynamics of fast-flux domains, a blacklist mechanism is not efficient at preventing fast-flux botnet attacks. It would be time consuming to examine the legitimacy of the domain of every network connection. Therefore, a lightweight detection of malicious fast-flux domains is desired. Based on the time-space behavior of malicious fast-flux domains, the network behavior of domains is expressed as formulas in this study to reduce the time complexity of feature modeling. According to the experimental results, the malicious fast-flux domains collected from real networks are identified efficiently and the proposed solution outperforms the blacklists.
UR - http://www.scopus.com/inward/record.url?scp=84877689031&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84877689031&partnerID=8YFLogxK
U2 - 10.1109/PAAP.2012.19
DO - 10.1109/PAAP.2012.19
M3 - Conference contribution
AN - SCOPUS:84877689031
SN - 9780769548982
T3 - Proceedings - International Symposium on Parallel Architectures, Algorithms and Programming, PAAP
SP - 72
EP - 79
BT - Proceedings - 2012 5th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2012
T2 - 2012 5th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2012
Y2 - 17 December 2012 through 20 December 2012
ER -