A Self-Healing, Self-Protecting Collaborative Intrusion Detection Architecture to Trace-Back Fast-Flux Phishing Domains
Millions of users divulge their personal information on phishing websites, causing losses of over a billion dollars every year. Phishing domain take-down is the most promising approach to this security issue, since a misled user has nothing to see once the fraudulent website has been removed completely. A key part of the take-down procedure is tracing back the phishing hosting system. Traditional phishing hosting machines can be identified relatively quickly by their public DNS name, or directly if their IP address is embedded within spam email. This paper proposes a decentralized collaborative intrusion detection approach to address this defense challenge, based on the Collaborative Intrusion Detection System (CIDS) architecture.