Tuesday, March 11, 2008

Paper: Measuring and Detecting Fast-Flux Service Networks

Via the Honeyblog.

We present the first empirical study [.pdf] of fast-flux service networks (FFSNs), a newly emerging and still not widely-known phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability.

Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, we develop a metric with which FFSNs can be effectively detected. Considering our detection technique we also discuss possible mitigation strategies.

More here.

posted by Fergie @ 3/11/2008 12:47:00 PM

0 Comments:

Post a Comment

<< Home