Measurement and analysis of global IP-usage patterns of fast-flux botnets

Xin Hu, Matthew Knysz, Kang G. Shin. DOI: 10.1109/INFCOM.2011.5935091

This paper considers the global IP-usage patterns exhibited by different types of malicious and benign domains, with a focus on single and double fast-flux domains. We have developed and deployed a lightweight DNS probing engine, called DIGGER, on 240 PlanetLab nodes spanning 4 continents. Collecting DNS data for over 3.5 months on a plethora of domains, our global vantage points enabled us to identify distinguishing behavioral features between them based on their DNS-query results. To help us analyze the enormous amount of data, we have quantified these features and designed an effective classifier capable of accurately discriminating between different types of domains. Applying the classifier on the 3.5-month DNS data allows us to reveal the relative prevalence of different fast-flux domains and conduct detailed studies on them separately. These results provide insight into the current global state of fast-flux botnets and their range in implementation, revealing potential trends for botnet-based services. We also uncover previously-unseen domains whose name servers alone demonstrate fast-flux behavior and a new, cautious IP management strategy currently employed by criminals to evade detection.
Conference: IEEE INFOCOM - INFOCOM, pp. 2633-2641, 2011