Detecting Malicious Flux Service Networks Through Passive Analysis of Recursive DNS Traces
Source: Georgia Institute of Technology
In this paper, the authors propose a novel, passive approach for detecting and tracking malicious flux service networks. Their detection system is based on passive analysis of Recursive DNS (RDNS) traffic traces collected from multiple large networks. Contrary to previous work, their approach is not limited to the analysis of suspicious domain names extracted from spam emails or pre-compiled domain blacklists. Instead, their approach is able to detect malicious flux service networks in the wild, i.e., as they are accessed by users who fall victim to malicious content advertised through blog spam, instant messaging spam, social website spam, etc., besides email spam.
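As an added illustration of the per-domain profiling that passive RDNS analysis makes possible (example code, not the paper's own system, whose feature set and thresholds are not given here), the following Python aggregates constructed resolver-trace records per domain and flags those showing the flux-like combination of many distinct resolved IPs, IPs spread across many /16 networks, and short TTLs. The three features, the /16 granularity and the thresholds are assumptions, not the paper's.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed passive RDNS records: (queried domain, answer TTL in seconds,
# resolved IPv4 addresses). Made-up sample data, not traces from the paper.
RECORDS = [
    ("shop-deals.example", 300, ["203.0.113.5", "198.51.100.77"]),
    ("shop-deals.example", 180, ["192.0.2.9", "203.0.113.140", "198.51.100.2"]),
    ("shop-deals.example", 120, ["192.0.2.200", "203.0.113.33"]),
    ("cdn.example", 60, ["192.0.2.10", "192.0.2.11", "192.0.2.12"]),
    ("cdn.example", 60, ["192.0.2.13", "192.0.2.14"]),
    ("static.example", 86400, ["198.51.100.1"]),
]


def profile(records):
    """Aggregate per-domain features from passive RDNS records.

    Returns {domain: {"ips": distinct IPs, "prefixes": distinct /16
    networks, "min_ttl": smallest TTL seen}}.
    """
    ips = defaultdict(set)
    prefixes = defaultdict(set)
    min_ttl = {}
    for domain, ttl, answers in records:
        for ip in answers:
            ips[domain].add(ip)
            # /16 is a coarse stand-in for "unrelated networks" (assumption);
            # a production system would map to ASNs instead.
            prefixes[domain].add(str(ip_network(ip + "/16", strict=False)))
        min_ttl[domain] = min(min_ttl.get(domain, ttl), ttl)
    return {
        d: {"ips": len(ips[d]), "prefixes": len(prefixes[d]), "min_ttl": min_ttl[d]}
        for d in ips
    }


def flux_candidates(records, min_ips=5, min_prefixes=3, max_ttl=600):
    """Domains whose aggregated features match the flux-like pattern.

    The thresholds are illustrative assumptions; a single-prefix CDN with
    short TTLs is deliberately not flagged because its IPs are not spread
    across unrelated networks.
    """
    feats = profile(records)
    return sorted(
        d for d, f in feats.items()
        if f["ips"] >= min_ips and f["prefixes"] >= min_prefixes and f["min_ttl"] <= max_ttl
    )


if __name__ == "__main__":
    for domain, f in profile(RECORDS).items():
        print(domain, f)
    print("flux-like:", flux_candidates(RECORDS))
```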