Title :
Fast-flux attack network identification based on agent lifespan
Author :
Yu, Sheng ; Zhou, Shijie ; Wang, Sha
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
Abstract :
Fast-flux refers to rapidly changing the mapping between IP address and domain name. Although some benign uses with this technique are known, it currently has become a favorite tool for cyber criminals to launch collaborative attacks, such as phishing, pharming, and malware spreading. While the legal fast-flux networks and the malicious ones hold some same features, such as short TTL and large IP pool, it is hard to distinguish them. In this paper we propose a novel way to deal with the fast-flux attack identification issue. We try to measure the service availability of the agents in the fast-flux network to identify the malicious fast-flux. This is the first time that researchers observe the fast-flux network in terms of service availability. We develop some metrics on the service availability. And the observation results show the metrics are useful.
Keywords :
Availability; Collaborative tools; Computer crime; Computer science; Content based retrieval; IP networks; Law; Legal factors; Network servers; Web server; fast-flux attack; fast-flux attack network; fast-flux service networks; network security;
Conference_Titel :
Wireless Communications, Networking and Information Security (WCNIS), 2010 IEEE International Conference on
Conference_Location :
Beijing, China
Print_ISBN :
978-1-4244-5850-9
DOI :
10.1109/WCINS.2010.5541861
