Fast-flux Service Networks Real-time Detection via Localized Spatial Geolocation Modeling

• Main Authors: Horng-Tzer Wang, 王宏澤
• Other Authors: Hahn-Ming Lee
• Format: Others
• Language: en_US
• Published: 2012
• Online Access: http://ndltd.ncl.edu.tw/handle/5ku698

碩士 === 國立臺灣科技大學 === 資訊工程系 === 100 === Fast-Flux Service Networks (FFSNs), broadly used by botnets, are an evasive technique for conducting malicious behavior via rapid activities. FFSN detection easily fails in the case of poor performance and causes a high incidence of false positives due to the similarity of an FFSN to a content distribution network (CDN), a normal behavior for load balance. In this study, we propose a localized spatial geolocation detection (LSGD) system for identifying FFSNs in real time. We believe that the grid distribution of LSGD possesses a precise spatial locating capability for profiling the spatial relations among IP address resolutions. Furthermore, autonomous system numbers (ASNs) are used for enhancing localized geographic characteristics. The proposed system, incorporating LSGD, ASNs, and the domain name system (DNS), can respond well to identify potential FFSNs. The results of our experiment show that the proposed LSGD system has a better detection capability than state-of-the-art spatial or temporal detection approaches, with a lower false positive rate in real-time detection than the approach based on a spatial snapshot alone.