IEEE Transactions on Dependable and Secure Computing

Early Detection of Malicious Flux Networks via Large-Scale Passive DNS Traffic Analysis

Abstract

In this paper, we present FluxBuster, a novel passive DNS traffic analysis system for detecting and tracking malicious flux networks. FluxBuster applies large-scale monitoring of DNS traffic traces generated by recursive DNS (RDNS) servers located in hundreds of different networks scattered across several different geographical locations. Unlike most previous work, our detection approach is not limited to the analysis of suspicious domain names extracted from spam emails or precompiled domain blacklists. Instead, FluxBuster is able to detect malicious flux service networks in the wild, i.e., as they are "accessed" by users who fall victim to malicious content, independently of how this malicious content was advertised. We performed a long-term evaluation of our system spanning a period of about five months. The experimental results show that FluxBuster is able to accurately detect malicious flux networks with a low false positive rate. Furthermore, we show that in many cases FluxBuster is able to detect malicious flux domains several days or even weeks before they appear in public domain blacklists.