FluXOR: Detecting and Monitoring Fast-Flux Service Networks

  • Emanuele Passerini
  • Roberto Paleari
  • Lorenzo Martignoni
  • Danilo Bruschi
Conference paper

DOI: 10.1007/978-3-540-70542-0_10

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5137)
Cite this paper as:
Passerini E., Paleari R., Martignoni L., Bruschi D. (2008) FluXOR: Detecting and Monitoring Fast-Flux Service Networks. In: Zamboni D. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2008. Lecture Notes in Computer Science, vol 5137. Springer, Berlin, Heidelberg

Abstract

Botnets are large groups of compromised machines (bots) used by miscreants for a range of illegal activities (e.g., sending spam emails, denial-of-service attacks, phishing and other web scams). To protect their identity and to maximise the availability of the core components of their business, miscreants have recently started to use fast-flux service networks, large groups of bots acting as front-end proxies to these components. Motivated by the conviction that prompt detection and monitoring of these networks is an essential step to counter the problem posed by botnets, we have developed FluXOR, a system to detect and monitor fast-flux service networks. FluXOR's monitoring and detection strategies rely entirely on the analysis of a set of features observable from the point of view of a victim of the scams perpetrated through botnets. We have been using FluXOR for about a month and so far we have detected 387 fast-flux service networks, composed in total of 31998 distinct compromised machines, which we believe to be associated with 16 botnets.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Emanuele Passerini (1)
  • Roberto Paleari (1)
  • Lorenzo Martignoni (1)
  • Danilo Bruschi (1)

  1. Università degli Studi di Milano
