Measuring and detecting Fast-Flux service networks
(Publication) Google search: [1]
| Measuring and detecting Fast-Flux service networks | |
|---|---|
| Botnet | Storm |
| Malware | Storm Worm |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2008 / |
| Editor/Conference | University of Mannheim & Fraunhofer FIRST |
| Link | http://pi1.informatik.uni-mannheim.de/filepool/publications/fast-flux-ndss08.pdf uni-mannheim.de (pdf) (uni-mannheim.de (pdf) Archive copy) |
| Author | Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix C. Freiling |
| Type | |
Abstract
“ We present the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widelyknown phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability. Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, we develop a metric with which FFSNs can be effectively detected. Considering our detection technique we also discuss possible mitigation strategies.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2008BFR903,
editor = {University of Mannheim & Fraunhofer FIRST},
author = {Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix C. Freiling},
title = {Measuring and detecting Fast-Flux service networks},
date = {25},
month = Apr,
year = {2008},
howpublished = {\url{http://pi1.informatik.uni-mannheim.de/filepool/publications/fast-flux-ndss08.pdf uni-mannheim.de (pdf)}},
}