Fast-flux botnet detection from network traffic

Paul, Tuhin; Tyagi, Rohit; Manoj, B. S.; Thanudas, B.

doi:10.1109/indicon.2014.7030393

Cited by 9 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several pieces of information can be extracted from the network traffic for the aim of solving several network-related problems, especially for the problem of the fast flux botnet. The network traffic consists of non-DNS traffic and DNS ones like the ones in Al-Duwairi and Al-Hammouri (2014) and Paul et al (2014). The huge amount of data travelling via the router and the speed shall lead to causing problems for any proposed system.…”

Section: Router-based Detection Methodsmentioning

confidence: 99%

Botnet detection used fast-flux technique, based on adaptive dynamic evolving spiking neural network algorithm

Almomani

Nawasrah

Meziane

et al. 2021

IJAHUC

View full text Add to dashboard Cite

A botnet refers to a group of machines. These machines are controlled distantly by a specific attacker. It represents a threat facing the web and data security. Fast-flux service network (FFSN) has been engaged by bot herders for cover malicious botnet activities. It has been engaged by bot herders for increasing the lifetime of malicious servers through changing the IP addresses of the domain name quickly. In the present research, we aimed to propose a new system. This system is named fast flux botnet catcher system (FFBCS). This system can detect FF-domains in an online mode using an adaptive dynamic evolving spiking neural network algorithm. Comparing with two other related approaches the proposed system shows a high level of detection accuracy, low false positive and negative rates, respectively. It shows a high performance. The algorithm's proposed adaptation increased the accuracy of the detection. For instance, this accuracy reached (98.76%) approximately.

show abstract

Section: Router-based Detection Methodsmentioning

confidence: 99%

Botnet detection used fast-flux technique, based on adaptive dynamic evolving spiking neural network algorithm

Almomani

Nawasrah

Meziane

et al. 2021

IJAHUC

View full text Add to dashboard Cite

show abstract

“…Various information extracted from network traffic to solve several network problems, generally and particularly for the fast -flux botnet problem. Network traffic comprises both DNS traffic and non-DNS traffic such in [10,11] However, the speed and the large amount of data passing through the router cause problems to any proposed systems: high false rates based on the concept of a fast detection of FF botnets, memory problems (databases) with regard to handling large traffic data flows, and scalability problem. Therefore, detecting fast flux botnets and particularly zero-day domains at this part of the network is not an easy task.…”

Section: B Router-based Detection Methodsmentioning

confidence: 99%

Fast flux botnet detection framework using adaptive dynamic evolving spiking neural network algorithm

Al-Nawasrah

Almomani

Meziane

et al. 2018

2018 9th International Conference on Information and Communication Systems (ICICS)

View full text Add to dashboard Cite

A botnet, a set of compromised machines controlled distantly by an attacker, is the basis of numerous security threats around the world. Command and Control servers are the backbones of botnet communications, where the bots and botmasters send report and attack orders to each other. Botnets are also categorized according to their C&C protocols. A Domain Name System method known as Fast-Flux Service Network (FFSN)-a special type of botnet-has been engaged by bot herders to cover malicious botnet activities and increase the lifetime of malicious servers by quickly changing the IP addresses of the domain name over time. Although several methods have been suggested for detecting FFSNs, they have low detection accuracy especially with zero-day domain. In this research, we propose a new system called Fast Flux Killer System (FFKS) that has the ability to detect FF-Domains in online mode with an implementation constructed on Adaptive Dynamic evolving Spiking Neural Network (ADeSNN). The proposed system proved its ability to detect FF domains in online mode with high detection accuracy (98.77%) compare with other algorithms, with low false positive and negative rates respectively. It is also proved a high level of performance. Additionally, the proposed adaptation of the algorithm enhanced and helped in the parameters customization process.

show abstract

“…On the other hand, information about legal flux service is more genuine detailed. Consequently, a fast-flux attack holds the following poor quality (Al-Duwairi and Al-Hammouri, 2014; Celik & Oktug, 2013;Futai, Siyu, & Weixiong, 2013;Gržnić, Perhoč, Marić, Vlašić, & Kulcsar, 2014;Hao et al, 2011;Hsu, Huang, & Chen, 2010;Hsu et al, 2014, Huang, Mao, & Lee, 2010Khattak, Ramay, Khan, Syed, & Khayam, 2014;Lin, Lin, & Chiang, 2013;Mahjoub, 2013;Martinez-Bea, Castillo-Perez, & GarciaAlfaro, 2013;Paul, Tyagi, Manoj, & Thanudas, 2014;Shen, Wu, Yang, & Huang, 2013;Stalmans, Hunter, & Irwin, 2012;Wang, Mao, Wu, & Lee, 2012;Yadav, Reddy, Narasimha Reddy, & Ranjan, 2012):…”

Section: Characterizing Fast-flux Attackmentioning

confidence: 99%

“…Some researchers apply these techniques in detecting the fast-flux attacking network (Kadir, Othman, & Aziz, 2012;Perdisci, Corona, & Giacinto, 2012).These works focus on the comprehensive and effective usage of the existing metrics rather than on finding new signatures. Among these machine learning methods, the results vary significantly (Mahjoub, 2013;Paul et al, 2014;Wu, Zhang, Liang, Qu, & Ni, 2010). In generally, linear regression system works worst.…”

Section: The Work About Machine Learning For Detectionmentioning

confidence: 99%

A Survey on Fast-flux Attacks

Zhou

2015

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

Fast-flux" refers to rapidly assigning different IP addresses to the same domain name. Although there are some legitimate uses for this technique, recently it has become a favorite tool for cyber criminals to launch collaborative attacks. After it was first observed by Honeynet, it was reported that fast-flux has been used in phishing, malware spreading, spam, and other malicious activities linked to criminal organizations. Combining with peer-to-peer networking, distributed command and control, web-based load balancing, and proxy redirection, fast-flux makes Internet attacks more resistant to discovery and counter-measure. This article aims at giving a comprehensive survey on fast-flux attacks. Some important issues including technical background, classification, characterization, measurement and detection, and mitigation are discussed. Challenges of detecting and mitigating fast-flux attack are also pointed out.

show abstract

Fast-flux botnet detection from network traffic

Cited by 9 publications

References 7 publications

Botnet detection used fast-flux technique, based on adaptive dynamic evolving spiking neural network algorithm

Botnet detection used fast-flux technique, based on adaptive dynamic evolving spiking neural network algorithm

Fast flux botnet detection framework using adaptive dynamic evolving spiking neural network algorithm

A Survey on Fast-flux Attacks

Contact Info

Product

Resources

About