TY - JOUR
T1 - Genetic-based real-time fast-flux service networks detection
AU - Lin, Hui Tang
AU - Lin, Ying You
AU - Chiang, Jui Wei
N1 - Funding Information:
This work was supported by the National Science Council of Taiwan under Grant NSC 100-2218-E-006-030-MY3. The authors thank Wei-Tsung Cheng for assisting with some portions of data collection.
PY - 2013/2/4
Y1 - 2013/2/4
AB - A new DNS technique called Fast-Flux Service Network (FFSN) has been employed by bot herders to hide malicious activities and extend the lifetime of malicious root servers. Although various methods have been proposed for detecting FFSNs, these mechanisms have low detection accuracy and protracted detection time. This study presents a novel detection scheme, designated as the Genetic-based ReAl-time DEtection (GRADE) system, to identify FFSNs in real time. GRADE differentiates between FFSNs and benign services by employing two new characteristics: the entropy of domains of preceding nodes for all A records and the standard deviation of round trip time to all A records. By applying genetic algorithms, GRADE is able to find the best strategy to detect current FFSN trends. Empirical results show GRADE has very high detection accuracy (∼98%) and gives results within a few seconds. It provides considerable improvement over existing reference schemes such as Flux-Score [8], SSFD [13], and FFSD [14].
UR - http://www.scopus.com/inward/record.url?scp=84875215885&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84875215885&partnerID=8YFLogxK
U2 - 10.1016/j.comnet.2012.07.017
DO - 10.1016/j.comnet.2012.07.017
M3 - Article
AN - SCOPUS:84875215885
SN - 1389-1286
VL - 57
SP - 501
EP - 513
JO - Computer Networks
JF - Computer Networks
IS - 2
ER -