
Please use this identifier to cite or link to this item: http://ntour.ntou.edu.tw:8080/ir/handle/987654321/27924

Title: Fast-Flux Bot Detection in Real Time
Authors: Ching-Hsiang Hsu;Chun-Ying Huang;Kuan-Ta Chen
Contributors: NTOU:Department of Computer Science and Engineering
National Taiwan Ocean University: Department of Computer Science and Engineering
Keywords: Botnet;Request delegation;Document fetch delay;Processing delay;Internet measurement;Supervised classification
Date: 2010
Issue Date: 2011-10-21T02:34:31Z
Publisher: Proceedings of International Symposium on Recent Advances in Intrusion Detection (RAID-2010)
Abstract: The fast-flux service network architecture has been widely adopted by bot herders to increase the productivity and extend the lifespan of botnets' domain names. A fast-flux botnet is unique in that each of its domain names is normally mapped to different sets of IP addresses over time and legitimate users' requests are handled by machines other than those contacted by users directly. Most existing methods for detecting fast-flux botnets rely on the former property. This approach is effective, but it requires a certain period of time, maybe a few days, before a conclusion can be drawn.
In this paper, we propose a novel way to detect whether a web service is hosted by a fast-flux botnet in real time. The scheme is unique because it relies on certain intrinsic and invariant characteristics of fast-flux botnets, namely, 1) the request delegation model, 2) bots are not dedicated to malicious services, and 3) the hardware used by bots is normally inferior to that of dedicated servers. Our empirical evaluation results show that, using a passive measurement approach, the proposed scheme can detect fast-flux bots in a few seconds with more than 96% accuracy, while the false positive/negative rates are both lower than 5%.
Relation: pp.464-483
URI: http://ntour.ntou.edu.tw/handle/987654321/27924
Appears in Collections: [Department of Computer Science and Engineering] Journal Articles



All items in NTOUR are protected by copyright, with all rights reserved.

 

