Collaborative Detection of Fast Flux Phishing Domains

Executive Summary

Phishing is a significant security threat to users of Internet services. Nowadays, phishing has become more resilient to detection and trace-back with the invention of Fast Flux (FF) service networks. This paper proposes two approaches to correlate evidence from multiple DNS servers and multiple suspect FF domains. Real-world experiments show that the correlation approaches speed up FF domain detection, based on an analytical model that the paper proposes to quantify the number of DNS queries needed to confirm an FF domain. It also shows how the correlation scheme can be implemented on a large scale by using a decentralized publish-subscribe correlation model called LarSID, which is more scalable than a fully centralized architecture.

  • Format: PDF
  • Size: 755.5 KB