Botnets are large groups of compromised machines (bots) used by miscreants for a range of illegal activities (e.g., sending spam emails, denial-of-service attacks, phishing and other web scams). To protect the identity and to maximise the availability of the core components of their business, miscreants have recently started to use fast-flux service networks, large groups of bots acting as front-end proxies to these components. Motivated by the conviction that prompt detection and monitoring of these networks is an essential step to counter the problem posed by botnets, we have developed FluXOR, a system to detect and monitor fast-flux service networks. FluXOR's monitoring and detection strategies rely entirely on the analysis of a set of features observable from the point of view of a victim of the scams perpetrated through botnets. We have been using FluXOR for about a month and so far we have detected 387 fast-flux service networks, comprising a total of 31998 distinct compromised machines, which we believe to be associated with 16 botnets.
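The behaviour the abstract describes, a pool of bots rotated through DNS in front of a few core servers, is visible to a victim's resolver as low-TTL answers whose addresses change on every lookup and are scattered across unrelated networks. The detector below is an added example, not FluXOR's code: the abstract does not list FluXOR's feature set, so the four features (minimum TTL, distinct addresses, distinct /16 prefixes as a stand-in for network diversity, per-answer churn), the thresholds, and the three sets of sample lookups are assumptions constructed for illustration. The CDN-like case shows why address diversity matters: a legitimate service can also rotate many addresses with a short TTL, but they come from its own address space rather than from thousands of home networks.

```python
"""Fast-flux heuristics over DNS A-record snapshots.

Added example; not FluXOR's code or feature set. Features, thresholds and
sample lookups are constructed assumptions for illustration only.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List


@dataclass(frozen=True)
class Lookup:
    """One resolution of a name, as seen from a victim's resolver."""
    t: int               # seconds since monitoring began (constructed)
    ttl: int             # TTL of the A records in this answer
    ips: frozenset       # IPv4 addresses returned in this answer


def distinct_ips(lookups: List[Lookup]) -> int:
    """Number of distinct addresses observed across all answers."""
    return len(set().union(*(lk.ips for lk in lookups)))


def distinct_slash16(lookups: List[Lookup]) -> int:
    """Distinct /16 prefixes: a crude proxy for how many networks host the proxies."""
    return len({int(IPv4Address(ip)) >> 16 for lk in lookups for ip in lk.ips})


def mean_churn(lookups: List[Lookup]) -> float:
    """Average fraction of each answer's addresses that were absent from the previous answer."""
    if len(lookups) < 2:
        return 0.0
    total = 0.0
    for prev, cur in zip(lookups, lookups[1:]):
        total += len(cur.ips - prev.ips) / len(cur.ips) if cur.ips else 0.0
    return total / (len(lookups) - 1)


def features(lookups: List[Lookup]) -> Dict[str, float]:
    return {
        "min_ttl": min(lk.ttl for lk in lookups),
        "distinct_ips": distinct_ips(lookups),
        "distinct_slash16": distinct_slash16(lookups),
        "mean_churn": round(mean_churn(lookups), 3),
    }


def is_fast_flux(lookups: List[Lookup], max_ttl: int = 300, min_ips: int = 5,
                 min_prefixes: int = 3, min_churn: float = 0.5) -> bool:
    """All four conditions must hold; thresholds are illustrative assumptions."""
    f = features(lookups)
    return (f["min_ttl"] <= max_ttl and f["distinct_ips"] >= min_ips
            and f["distinct_slash16"] >= min_prefixes and f["mean_churn"] >= min_churn)


# Constructed sample data (documentation and private ranges, not real hosts).
# A flux name: short TTL, four fresh addresses per answer, spread over many /16s.
FLUX = [
    Lookup(0, 180, frozenset({"192.0.2.10", "198.51.100.20", "203.0.113.30", "10.1.0.40"})),
    Lookup(180, 180, frozenset({"192.0.2.11", "198.51.100.21", "10.2.0.50", "10.3.0.60"})),
    Lookup(360, 180, frozenset({"203.0.113.31", "10.4.0.70", "10.5.0.80", "192.0.2.12"})),
]
# A stable site: long TTL, same two addresses every time.
STABLE = [
    Lookup(0, 3600, frozenset({"192.0.2.1", "192.0.2.2"})),
    Lookup(3600, 3600, frozenset({"192.0.2.1", "192.0.2.2"})),
    Lookup(7200, 3600, frozenset({"192.0.2.1", "192.0.2.2"})),
]
# A CDN-like site: short TTL and full churn, but every address sits in one /16.
CDN_LIKE = [
    Lookup(0, 30, frozenset({"198.51.100.1", "198.51.100.2"})),
    Lookup(30, 30, frozenset({"198.51.100.3", "198.51.100.4"})),
    Lookup(60, 30, frozenset({"198.51.100.5", "198.51.100.6"})),
]

if __name__ == "__main__":
    for name, data in (("flux", FLUX), ("stable", STABLE), ("cdn_like", CDN_LIKE)):
        print(name, features(data), "fast-flux" if is_fast_flux(data) else "benign")
```

In practice the /16 heuristic would be replaced by an AS or registrar lookup per address, and the per-name snapshots would come from repeated resolutions of names harvested from spam and phishing messages, which is the victim's vantage point the abstract refers to.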

FluXOR : detecting and monitoring fast-flux service networks / E. Passerini, R. Paleari, L. Martignoni, D.M. Bruschi - In: Detection of Intrusions and Malware, and Vulnerability Assessment : 5th International Conference, DIMVA 2008, Paris, France, July 10-11, 2008. Proceedings / [edited by] D. Zamboni. - Berlin : Springer, July 2008. - ISBN 978-3-540-70541-3. - pp. 186-206 (( Paper presented at the 5th International Conference DIMVA, held in Paris in 2008 [10.1007/978-3-540-70542-0].

FluXOR : detecting and monitoring fast-flux service networks

E. Passerini; R. Paleari; L. Martignoni; D.M. Bruschi
2008

Field INF/01 - Computer Science
Jul-2008
Security-Intrusion Detection and Response
German Informatics Society
Book Part (author)
Files in this item:
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/2434/172792
Citations
  • Scopus 90
  • Web of Science (ISI) 56