Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Measuring and detecting fast-flux service networks

 
: Holz, T.; Gorecki, C.; Rieck, K.; Freiling, F.

:
Volltext (PDF; )

Internet Society -ISOC-:
15th Network and Distributed System Security Symposium, NDSS 2008. Proceedings : February 10 - 13, 2008, San Diego, California
Reston, VA: Internet Society, 2008
ISBN: 1-89156-226-6
ISBN: 978-1-89156-226-6
ISBN: 1-891562-25-8
12 S.
Network and Distributed System Security Symposium (NDSS) <15, 2008, San Diego/Calif.>
Englisch
Konferenzbeitrag, Elektronische Publikation
Fraunhofer FIRST ()

Abstract
We present the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely known phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability. Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, we develop a metric with which FFSNs can be effectively detected. Considering our detection technique we also discuss possible mitigation strategies.

: http://publica.fraunhofer.de/dokumente/N-107238.html