Hsu et al., 2010 - Google Patents
Fast-flux bot detection in real time (Hsu et al., 2010)

- Document ID: 15541686347952191644
- Authors: Hsu C, Huang C, Chen K
- Publication venue: Recent Advances in Intrusion Detection: 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010. Proceedings 13

Snippet
The fast-flux service network architecture has been widely adopted by bot herders to increase the productivity and extend the lifespan of botnets' domain names. A fast-flux botnet is unique in that each of its domain names is normally mapped to different sets of IP …
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1441—Countermeasures against malicious traffic
            - H04L63/1458—Denial of Service
            - H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
            - H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
            - H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1425—Traffic logging, e.g. anomaly detection
            - H04L63/1416—Event detection, e.g. attack signature detection
        - H04L63/12—Applying verification of the received information
          - H04L63/126—Applying verification of the received information the source of the received data
      - H04L29/00—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 (contains provisionally no documents)
        - H04L29/12—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 characterised by the data terminal (contains provisionally no documents)
          - H04L29/12009—Arrangements for addressing and naming in data networks
            - H04L29/12047—Directories; name-to-address mapping
              - H04L29/12056—Directories; name-to-address mapping involving standard directories and standard directory access protocols
                - H04L29/12066—Directories; name-to-address mapping involving standard directories and standard directory access protocols using Domain Name System [DNS]
      - H04L61/00—Network arrangements or network protocols for addressing or naming
        - H04L61/15—Directories; Name-to-address mapping
          - H04L61/1505—Directories; Name-to-address mapping involving standard directories or standard directory access protocols
            - H04L61/1511—Directories; Name-to-address mapping involving standard directories or standard directory access protocols using domain name system [DNS]
Similar Documents

Publication | Publication Date | Title
---|---|---
Hsu et al. | | Fast-flux bot detection in real time
Whyte et al. | | DNS-based Detection of Scanning Worms in an Enterprise Network
Choi et al. | | BotGAD: detecting botnets by capturing group activities in network traffic
Qian et al. | | Off-path TCP sequence number inference attack: how firewall middleboxes reduce security
US12069092B2 (en) | | Network security attack detection and mitigation solution using honeypots
Ndatinya et al. | | Network forensics analysis using Wireshark
Jin et al. | | Hop-count filtering: an effective defense against spoofed DDoS traffic
Aceto et al. | | Internet censorship detection: A survey
US9635043B1 (en) | | Method and apparatus for causing a delay in processing requests for internet resources received from client devices
Kondracki et al. | | Catching transparent phish: Analyzing and detecting MITM phishing toolkits
Jin et al. | | Design of detecting botnet communication by monitoring direct outbound DNS queries
Hudaib et al. | | DNS advanced attacks and analysis
Hsu et al. | | Detect fast-flux domains through response time differences
Sornalakshmi | | Detection of DoS attack and zero day threat with SIEM
Aamir et al. | | DDoS attack and defense: Review of some traditional and current techniques
Jeyanthi | | Internet of things (IoT) as interconnection of threats (IoT)
Kondracki et al. | | The droid is in the details: Environment-aware evasion of Android sandboxes
Prieto et al. | | Botnet detection based on DNS records and active probing
KR101124615B1 (en) | | Apparatus and method of searching group activity malicious code
Mendes et al. | | Analysis of IoT botnet architectures and recent defense proposals
Whyte et al. | | Exposure Maps: Removing Reliance on Attribution During Scan Detection
Zhang et al. | | Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers
Anbar et al. | | Investigating study on network scanning techniques
Bellaïche et al. | | SYN flooding attack detection by TCP handshake anomalies
Sivabalan et al. | | Detecting IoT zombie attacks on web servers