Event Details

Botnet Detection through Malicious Fast Flux Network Identification

Presenter: David Zhao
Supervisor: Dr. Issa Traore

Date: Tue, September 4, 2012
Time: 14:30:00 - 00:00:00
Place: EOW 430

ABSTRACT

A recent development in botnet technology is the adoption of Fast Flux Service Networks (FFSNs) to improve resilience for the underlying malicious network. FFSNs give botnets the ability to quickly recover from shutdown attempts and allow them to hide the true extent of their underlying topology. The prevalence of legitimate, non-malicious networks which also adopt FFSN techniques has further exacerbated the problem of detection, with malicious FFSNs frequently being indistinguishable from non-malicious FFSNs based on casual observation. We propose a new detection approach that identifies FFSNs and differentiates between malicious and non-malicious networks by examining multiple metrics obtained via DNS, whois, and other queries. Metrics computed from these queries are analyzed using a machine learning algorithm which can classify the network as malicious or non-malicious with extremely high accuracy.