Cargando…
Fast Flux Watch: A mechanism for online detection of fast flux networks
Fast flux networks represent a special type of botnets that are used to provide highly available web services to a backend server, which usually hosts malicious content. Detection of fast flux networks continues to be a challenging issue because of the similar behavior between these networks and oth...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Elsevier
2014
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4294749/ https://www.ncbi.nlm.nih.gov/pubmed/25685515 http://dx.doi.org/10.1016/j.jare.2014.01.002 |
| _version_ | 1782352762425573376 |
|---|---|
| author | Al-Duwairi, Basheer N. Al-Hammouri, Ahmad T. |
| author_facet | Al-Duwairi, Basheer N. Al-Hammouri, Ahmad T. |
| author_sort | Al-Duwairi, Basheer N. |
| collection | PubMed |
| description | Fast flux networks represent a special type of botnets that are used to provide highly available web services to a backend server, which usually hosts malicious content. Detection of fast flux networks continues to be a challenging issue because of the similar behavior between these networks and other legitimate infrastructures, such as CDNs and server farms. This paper proposes Fast Flux Watch (FF-Watch), a mechanism for online detection of fast flux agents. FF-Watch is envisioned to exist as a software agent at leaf routers that connect stub networks to the Internet. The core mechanism of FF-Watch is based on the inherent feature of fast flux networks: flux agents within stub networks take the role of relaying client requests to point-of-sale websites of spam campaigns. The main idea of FF-Watch is to correlate incoming TCP connection requests to flux agents within a stub network with outgoing TCP connection requests from the same agents to the point-of-sale website. Theoretical and traffic trace driven analysis shows that the proposed mechanism can be utilized to efficiently detect fast flux agents within a stub network. |
| format | Online Article Text |
| id | pubmed-4294749 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2014 |
| publisher | Elsevier |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-42947492015-02-14 Fast Flux Watch: A mechanism for online detection of fast flux networks Al-Duwairi, Basheer N. Al-Hammouri, Ahmad T. J Adv Res Original Article Fast flux networks represent a special type of botnets that are used to provide highly available web services to a backend server, which usually hosts malicious content. Detection of fast flux networks continues to be a challenging issue because of the similar behavior between these networks and other legitimate infrastructures, such as CDNs and server farms. This paper proposes Fast Flux Watch (FF-Watch), a mechanism for online detection of fast flux agents. FF-Watch is envisioned to exist as a software agent at leaf routers that connect stub networks to the Internet. The core mechanism of FF-Watch is based on the inherent feature of fast flux networks: flux agents within stub networks take the role of relaying client requests to point-of-sale websites of spam campaigns. The main idea of FF-Watch is to correlate incoming TCP connection requests to flux agents within a stub network with outgoing TCP connection requests from the same agents to the point-of-sale website. Theoretical and traffic trace driven analysis shows that the proposed mechanism can be utilized to efficiently detect fast flux agents within a stub network. Elsevier 2014-07 2014-01-17 /pmc/articles/PMC4294749/ /pubmed/25685515 http://dx.doi.org/10.1016/j.jare.2014.01.002 Text en © 2014 Production and hosting by Elsevier B.V. http://creativecommons.org/licenses/by-nc-nd/3.0/ This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/). |
| spellingShingle | Original Article Al-Duwairi, Basheer N. Al-Hammouri, Ahmad T. Fast Flux Watch: A mechanism for online detection of fast flux networks |
| title | Fast Flux Watch: A mechanism for online detection of fast flux networks |
| title_full | Fast Flux Watch: A mechanism for online detection of fast flux networks |
| title_fullStr | Fast Flux Watch: A mechanism for online detection of fast flux networks |
| title_full_unstemmed | Fast Flux Watch: A mechanism for online detection of fast flux networks |
| title_short | Fast Flux Watch: A mechanism for online detection of fast flux networks |
| title_sort | fast flux watch: a mechanism for online detection of fast flux networks |
| topic | Original Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4294749/ https://www.ncbi.nlm.nih.gov/pubmed/25685515 http://dx.doi.org/10.1016/j.jare.2014.01.002 |
| work_keys_str_mv | AT alduwairibasheern fastfluxwatchamechanismforonlinedetectionoffastfluxnetworks AT alhammouriahmadt fastfluxwatchamechanismforonlinedetectionoffastfluxnetworks |