Summary: | Master's === National Chi Nan University === Department of Computer Science and Information Engineering === 99 === In this paper we propose an active DNS detection strategy that determines whether a domain uses fast-flux. Fast-flux was originally used to ensure the availability and scalability of legitimate sites. In recent years, however, more and more cyber-criminals have also used this technique to enhance the availability and scalability of their phishing sites or botnets. Previous studies focused on long-term active detection of fast-flux, which takes a few days or even months. In our study, we adopt hidden Markov model (HMM) methods, which were previously often used for speech recognition. Simulation results show that fast-flux detection with HMM methods not only completes in several minutes or even hours but also efficiently recognizes whether a domain uses fast-flux, with accuracy reaching up to 95%.
|