Fast-Flux Service Networks (FFSN) Detection Based on DNS MX Record

• Main Authors: Tsung-en Huang, 黃宗恩
• Other Authors: Tung-ming Koo
• Format: Others
• Language: zh-TW
• Published: 2012
• Online Access: http://ndltd.ncl.edu.tw/handle/67451821200819479758

碩士 === 國立雲林科技大學 === 資訊管理系碩士班 === 100 === During recent decades, the explosive development of the Internet brings a remarkable advance in information exchange. Hence, people’s daily life and commercial activities rely on the Internet much tremendously. More and more hackers try to gain enormous illegal profits by such illegitimate invasion and attack approaches. For instance, Fast-Flux Service Networks is one of emerging attack technologies, which is used to invade the system through combining the RR-DNS technology (Round Robin DNS) of DNS. Fast-Flux can protect malicious websites by keeping changing the IP address of the Mothership. In most cases, naïve users’ computers are usually the attack targets so the damage is getting worse with each passing day. Therefore, this study uses FFSN characterization and original features as detection patterns to construct a detection system. The data from ATLAS and ALEXA are tested to evaluate the detection rate and accuracy of the proposed system. Finally, through the analysis of the detection effectiveness after features mapping, the best solution can be found as the future detection pattern.