Abstract
This work investigates the use of Fast Flux Service Networks as an element of the host infrastructure for illegal scam transaction servers referenced in spam email. The goal of the research is to better understand the dynamics, distinguishing features, and potential vulnerabilities of these networks in order to blacklist, block, or otherwise mitigate their effectiveness. This approach consists of active DNS and HTTP interrogation techniques for feature extraction. Results show that these proxy networks are both prevalent and discernible from legitimate high availability web sites. Monitoring of their DNS behavior over time reveals patterns and anomalies that may be exploitable.
| Original language | American English |
|---|---|
| Title of host publication | Proceedings of the Fifth International Conference on Risks and Security of Internet Systems |
| DOIs | |
| State | Published - Oct 1 2010 |
| Event | Fifth International Conference on Risks and Security of Internet Systems - Duration: Oct 1 2010 → … |
Conference
| Conference | Fifth International Conference on Risks and Security of Internet Systems |
|---|---|
| Period | 10/1/10 → … |
Disciplines
- Computer Sciences