Real-time Malicious Fast-flux Detection Using DNS and Bot Related Features
In the context of botnets, fast-flux refers to the strategy of hiding the C&C (Command and Control) servers. Such servers are crucial for the life cycle of the botnet. The idea is to place the servers behind proxy nodes and to use the DNS (Domain Name System) protocol to map domain names to the hidden servers. In this way, botnet operators often increase the robustness of their C&C services by deploying and enabling complete fast-flux service networks. The mapping of DNS names to IP addresses (e.g., via the A records of a DNS response) can change very quickly over time, thereby making the botnet much more robust against countermeasures and against failures of individual proxy nodes.
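As an added illustration of the DNS-side traces such rapid A-record rotation leaves (example code written for this page, not the authors' detection system), the script below aggregates repeated A-record lookups per domain into unique-IP, minimum-TTL and churn features and applies assumed thresholds; the domains, IPs and thresholds are constructed placeholders.

```python
from dataclasses import dataclass
from collections import defaultdict

# Constructed sample of repeated A-record lookups for two domains.
# Each record: (timestamp_seconds, domain, ttl_seconds, set of A-record IPs).
# IPs are RFC 5737 documentation addresses, not real indicators.
SAMPLE_LOOKUPS = [
    (0,    "cnc.example",    120,   {"203.0.113.10", "203.0.113.11", "198.51.100.5"}),
    (120,  "cnc.example",    120,   {"203.0.113.12", "192.0.2.7", "198.51.100.6"}),
    (240,  "cnc.example",    120,   {"192.0.2.8", "203.0.113.13", "198.51.100.7"}),
    (0,    "static.example", 86400, {"192.0.2.1"}),
    (3600, "static.example", 86400, {"192.0.2.1"}),
]

@dataclass
class FluxFeatures:
    lookups: int      # number of responses observed for the domain
    unique_ips: int   # distinct A-record IPs seen across all responses
    min_ttl: int      # smallest TTL returned (fast-flux domains use short TTLs)
    churn: float      # fraction of IPs per response that were absent from the previous one

def extract_features(lookups):
    """Aggregate per-domain DNS features from a sequence of A-record lookups."""
    by_domain = defaultdict(list)
    for ts, domain, ttl, ips in lookups:
        by_domain[domain].append((ts, ttl, ips))
    features = {}
    for domain, rows in by_domain.items():
        rows.sort(key=lambda r: r[0])          # order responses by time
        seen, changes, total, prev = set(), 0, 0, None
        for _, _, ips in rows:
            seen |= ips
            if prev is not None:               # compare with the previous response
                changes += len(ips - prev)     # IPs that are new in this response
                total += len(ips)
            prev = ips
        churn = changes / total if total else 0.0
        features[domain] = FluxFeatures(len(rows), len(seen),
                                        min(r[1] for r in rows), churn)
    return features

def is_fast_flux_candidate(f, max_ttl=300, min_unique_ips=5, min_churn=0.5):
    """Flag a domain whose features look like fast-flux (thresholds are assumed)."""
    return f.min_ttl <= max_ttl and f.unique_ips >= min_unique_ips and f.churn >= min_churn

if __name__ == "__main__":
    for domain, f in extract_features(SAMPLE_LOOKUPS).items():
        print(domain, f, "FAST-FLUX?" if is_fast_flux_candidate(f) else "benign")
```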