Measuring and Detecting Fast-Flux Service Networks (paper)
2008, citations: 317
Network Security and Intrusion Detection; Internet Traffic Analysis and Secure E-voting; Advanced Malware Detection Techniques
Abstract
We present the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely-known phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability. Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, we develop a metric with which FFSNs can be effectively detected. Considering our detection technique we also discuss possible mitigation strategies.