Fast-Flux Bot Detection in Real Time

The fast-flux service network architecture has been widely adopted by bot herders to increase the productivity and extend the lifespan of botnets’ domain names. A fast-flux botnet is unique in that each of its domain names is normally mapped to different sets of IP addresses over time and legitimate users’ requests are handled by machines other than those contacted by users directly. Most existing methods for detecting fast-flux botnets rely on the former property. This approach is effective, but it requires a certain period of time, maybe a few days, before a conclusion can be drawn. In this paper, we propose a novel way to detect whether a web service is hosted by a fast-flux botnet in real time. The scheme is unique because it relies on certain intrinsic and invariant characteristics of fast-flux botnets, namely, 1) the request delegation model, 2) bots are not dedicated to malicious services, and 3) the hardware used by bots is normally inferior to that of dedicated serv...
Ching-Hsiang Hsu, Chun-Ying Huang, Kuan-Ta Chen
Added 30 Jan 2011
Updated 30 Jan 2011
Type Journal
Year 2010
Where RAID