• DocumentCode
    3108541
  • Title

    Not so fast flux networks for concealing scam servers

  • Author

    Cochran, Theodore O. ; Cannady, James

  • fYear
    2010
  • fDate
    10-13 Oct. 2010
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    This work investigates the use of Fast Flux Service Networks as an element of the host infrastructure for illegal scam transaction servers referenced in spam email. The goal of the research is to better understand the dynamics, distinguishing features, and potential vulnerabilities of these networks in order to blacklist, block, or otherwise mitigate their effectiveness. This approach consists of active DNS and HTTP interrogation techniques for feature extraction. Results show that these proxy networks are both prevalent and discernible from legitimate high availability web sites. Monitoring of their DNS behavior over time reveals patterns and anomalies that may be exploitable.
  • Keywords
    Internet; Web sites; computer crime; computer network security; network servers; unsolicited e-mail; DNS interrogation technique; HTTP interrogation technique; cyber crime; fast flux service networks; feature extraction; illegal scam transaction servers; proxy networks; spam email; Availability; Electronic mail; IP networks; Relays; Servers
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Risks and Security of Internet and Systems (CRiSIS), 2010 Fifth International Conference on
  • Conference_Location
    Montreal, QC
  • Print_ISBN
    978-1-4244-8641-0
  • Electronic_ISBN
    978-1-4244-8642-7
  • Type

    conf

  • DOI
    10.1109/CRISIS.2010.5764914
  • Filename
    5764914