Behavioral analysis and visualization of Fast-Flux DNS
Today, a growing, sophisticated technique called Fast-Flux Service Networks (FFSN) poses a major problem to Internet security. They are increasingly used in many illegal practices including money mule recruitment sites, distribution of malware downloads, illegal adult content, and other forms of Int...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2012
|
| Subjects: | |
| Online Access: | http://irep.iium.edu.my/28616/1/06298838.pdf http://irep.iium.edu.my/28616/ http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6298838&tag=1 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.iium.irep.28616 |
|---|---|
| record_format |
dspace |
| spelling |
my.iium.irep.286162013-02-13T10:16:48Z http://irep.iium.edu.my/28616/ Behavioral analysis and visualization of Fast-Flux DNS A. Kadir, Andi Fitria R. Othman, R. Azrina A. Aziz, Normaziah QA75 Electronic computers. Computer science Today, a growing, sophisticated technique called Fast-Flux Service Networks (FFSN) poses a major problem to Internet security. They are increasingly used in many illegal practices including money mule recruitment sites, distribution of malware downloads, illegal adult content, and other forms of Internet fraud. Essentially, FFSN were first used as a Domain Name Server (DNS) switching mechanism that combine distributed command and control, web-based load balancing, and proxy redirection. However, cyber criminals are applying various techniques to subvert detection, retain uptime of their information infrastructure and maximize their financial gain. Hence, this paper proposed to analyze and visualize the behavior of FFSN in order to facilitate FFSN detection. In this study, we collect, classify and monitor over500 domains and by scrutinizing and visualizing the trained data, we discover the new types of fluxing designated as NSName-Flux(NF). The analysis results of NF exposed that FFSN have become extensively sophisticated and dynamic. This exemplifies that visualization is an alternative and effective data exploration method for understanding the complex behaviors of FFSN. 2012-08-22 Conference or Workshop Item REM application/pdf en http://irep.iium.edu.my/28616/1/06298838.pdf A. Kadir, Andi Fitria and R. Othman, R. Azrina and A. Aziz, Normaziah (2012) Behavioral analysis and visualization of Fast-Flux DNS. In: Intelligence and Security Informatics Conference (EISIC), 2012 European, 22 - 24 August, 2012, Odense, Denmark. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6298838&tag=1 |
| institution |
Universiti Islam Antarabangsa Malaysia |
| building |
IIUM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
International Islamic University Malaysia |
| content_source |
IIUM Repository (IREP) |
| url_provider |
http://irep.iium.edu.my/ |
| language |
English |
| topic |
QA75 Electronic computers. Computer science |
| spellingShingle |
QA75 Electronic computers. Computer science A. Kadir, Andi Fitria R. Othman, R. Azrina A. Aziz, Normaziah Behavioral analysis and visualization of Fast-Flux DNS |
| description |
Today, a growing, sophisticated technique called Fast-Flux Service Networks (FFSN) poses a major problem to Internet security. They are increasingly used in many illegal practices including money mule recruitment sites, distribution of malware downloads, illegal adult content, and other forms of Internet fraud. Essentially, FFSN were first used as a Domain Name Server (DNS) switching mechanism that combine distributed command and control, web-based load balancing, and proxy redirection. However, cyber criminals are applying various techniques to subvert detection, retain uptime of their information infrastructure and maximize their financial gain. Hence, this paper proposed to analyze and visualize the behavior of FFSN in order to facilitate FFSN detection. In this study, we collect, classify and monitor over500 domains and by scrutinizing and visualizing the trained data, we discover the new types of fluxing designated as NSName-Flux(NF). The analysis results of NF exposed that FFSN have become extensively sophisticated and dynamic. This exemplifies that visualization is an alternative and effective data exploration method for understanding the complex behaviors of FFSN. |
| format |
Conference or Workshop Item |
| author |
A. Kadir, Andi Fitria R. Othman, R. Azrina A. Aziz, Normaziah |
| author_facet |
A. Kadir, Andi Fitria R. Othman, R. Azrina A. Aziz, Normaziah |
| author_sort |
A. Kadir, Andi Fitria |
| title |
Behavioral analysis and visualization of Fast-Flux DNS |
| title_short |
Behavioral analysis and visualization of Fast-Flux DNS |
| title_full |
Behavioral analysis and visualization of Fast-Flux DNS |
| title_fullStr |
Behavioral analysis and visualization of Fast-Flux DNS |
| title_full_unstemmed |
Behavioral analysis and visualization of Fast-Flux DNS |
| title_sort |
behavioral analysis and visualization of fast-flux dns |
| publishDate |
2012 |
| url |
http://irep.iium.edu.my/28616/1/06298838.pdf http://irep.iium.edu.my/28616/ http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6298838&tag=1 |
| _version_ |
1643609529165807616 |
| score |
13.211869 |