Fast-Flux Service Network Detection Based on Spatial Snapshot Mechanism for Delay-Free Detection

Date Added: Apr 2010
Format: PDF

Capturing Fast-Flux Service Networks (FFSNs) by temporal variances is an intuitive way to identify rapid changes in DNS records. Unfortunately, features based on temporal variances lead to delayed detection (more than one hour) of FFSNs, which could cause more damage, such as botnet propagation and malware delivery. In this paper, the authors propose a delay-free detection system, the Spatial Snapshot Fast-flux Detection system (SSFD), for identifying FFSNs in real time and alleviating this potential damage. SSFD is capable of capturing the geographical pattern of hosts as well as mapping the IP addresses in a DNS response into a geographic coordinate system to reveal FFSNs immediately.