Formulistic detection of malicious fast-flux domains

Chia Mei Chen, Sheng-Tzong Cheng, Ju Hsien Chou, Ya Hui Ou

Research output: Conference contribution

1 Citation (Scopus)

Abstract

Botnets create harmful network attacks nowadays. A lawbreaker may implant malware into victim machines using botnets and, furthermore, employ fast-flux domain technology to extend the lifetime of the botnets. To circumvent detection of the command and control server, a set of bots is selected to redirect malicious communication, hiding botnet communication within normal user traffic. Because fast-flux domains are dynamic, a blacklist mechanism is not efficient at preventing fast-flux botnet attacks. It would be time consuming to examine the legitimacy of the domain of every network connection. Therefore, a lightweight detection of malicious fast-flux domains is desired. Based on the time-space behavior of malicious fast-flux domains, the network behavior of domains is formulated in this study to reduce the time complexity of feature modeling. According to the experimental results, the malicious fast-flux domains collected from real networks are identified efficiently and the proposed solution outperforms the blacklists.

Original language: English
Title of host publication: Proceedings - 2012 5th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2012
Pages: 72-79
Number of pages: 8
Publication status: Published - 1 Dec 2012
Event: 2012 5th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2012 - Taipei, Taiwan
Duration: 17 Dec 2012 to 20 Dec 2012

Publication series

Name: Proceedings - International Symposium on Parallel Architectures, Algorithms and Programming, PAAP
ISSN (Print): 2168-3034
ISSN (Electronic): 2168-3042

Other

Other: 2012 5th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2012
Country/Territory: Taiwan
City: Taipei
Period: 12-12-17 to 12-12-20

All Science Journal Classification (ASJC) codes

  • Computational Theory and Mathematics
  • Hardware and Architecture
