Referenced Items are not available for this document.
In this paper, we present FluxBuster, a novel passive DNS traffic analysis system for detecting and tracking malicious flux networks. FluxBuster applies large-scale monitoring of DNS traffic traces generated by recursive DNS (RDNS) servers located in hundreds of different networks scattered across several different geographical locations. Unlike most previous work, our detection approach is not limited to the analysis of suspicious domain names extracted from spam emails or precompiled domain blacklists. Instead, FluxBuster is able to detect malicious flux service networks in-the-wild, i.e., as they are "accessed” by users who fall victim of malicious content, independently of how this malicious content was advertised. We performed a long-term evaluation of our system spanning a period of about five months. The experimental results show that FluxBuster is able to accurately detect malicious flux networks with a low false positive rate. Furthermore, we show that in many cases FluxBuster is able to detect malicious flux domains several days or even weeks before they appear in public domain blacklists.
Published in:
Dependable and Secure Computing, IEEE Transactions on
(Volume:9
,
Issue:
5
)
Date of Publication: Sept.-Oct. 2012
- Page(s):
- 714 - 726
- ISSN :
- 1545-5971
- INSPEC Accession Number:
- 12879392
- Digital Object Identifier :
- 10.1109/TDSC.2012.35
- Product Type:
- Journals & Magazines
- Date of Publication :
- 03 April 2012
- Date of Current Version :
- 19 July 2012
- Issue Date :
- Sept.-Oct. 2012
- Sponsored by :
- IEEE Computer Society
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
