Fast flux service networks detection model
Fast flux service networks (FFSNs) architecture employ DNS approach to establish a multi layer network on compromised machines to host their illegal online services. This architecture enables frequent change of IP addresses and name servers which frustrate the trace back and web taken down from the...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Published: |
2010
|
| Subjects: | |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-utm-ep.16426 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-utm-ep.164262017-08-20T01:52:55Z Fast flux service networks detection model 2010 Salleh , Mohd. Zaim QA75 Electronic computers. Computer science Fast flux service networks (FFSNs) architecture employ DNS approach to establish a multi layer network on compromised machines to host their illegal online services. This architecture enables frequent change of IP addresses and name servers which frustrate the trace back and web taken down from the authorities. On internal network, the FFSNs can be detected via analysis on DNS data traffic monitoring. The DNS resource records can be passively collected by replicating the logged queries and requests on the collectors. These data can be use as a significant feature for detecting FFSN by filtering and classifying them. The potential candidate domain grouped for clustering by tagging with the similarity of their behaviour. The proposed detection mechanism can be integrated with other monitoring and detection tools for further increase and tighten up the network security. 2010 Thesis http://eprints.utm.my/id/eprint/16426/ http://libraryopac.utm.my/client/en_AU/main/search/detailnonmodal/ent:$002f$002fSD_ILS$002f0$002fSD_ILS:396407/one?qu=Fast+flux+service+networks+detection+model masters Universiti Teknologi Malaysia, Faculty of Computer Science and Information System Faculty of Computer Science and Information System |
| institution |
Universiti Teknologi Malaysia |
| collection |
UTM Institutional Repository |
| topic |
QA75 Electronic computers Computer science |
| spellingShingle |
QA75 Electronic computers Computer science Salleh , Mohd. Zaim Fast flux service networks detection model |
| description |
Fast flux service networks (FFSNs) architecture employ DNS approach to establish a multi layer network on compromised machines to host their illegal online services. This architecture enables frequent change of IP addresses and name servers which frustrate the trace back and web taken down from the authorities. On internal network, the FFSNs can be detected via analysis on DNS data traffic monitoring. The DNS resource records can be passively collected by replicating the logged queries and requests on the collectors. These data can be use as a significant feature for detecting FFSN by filtering and classifying them. The potential candidate domain grouped for clustering by tagging with the similarity of their behaviour. The proposed detection mechanism can be integrated with other monitoring and detection tools for further increase and tighten up the network security. |
| format |
Thesis |
| qualification_level |
Master's degree |
| author |
Salleh , Mohd. Zaim |
| author_facet |
Salleh , Mohd. Zaim |
| author_sort |
Salleh , Mohd. Zaim |
| title |
Fast flux service networks detection model |
| title_short |
Fast flux service networks detection model |
| title_full |
Fast flux service networks detection model |
| title_fullStr |
Fast flux service networks detection model |
| title_full_unstemmed |
Fast flux service networks detection model |
| title_sort |
fast flux service networks detection model |
| granting_institution |
Universiti Teknologi Malaysia, Faculty of Computer Science and Information System |
| granting_department |
Faculty of Computer Science and Information System |
| publishDate |
2010 |
| _version_ |
1747815040134676480 |