English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 94201/94201 (100%)
造訪人次 : 81501104      線上人數 : 2975
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
    •  進階搜尋


    請使用永久網址來引用或連結此文件: https://ir.lib.ncu.edu.tw/handle/987654321/106594


    題名: Detect fast-flux domains through response time differences
    作者: 許富皓;Hsu, Fu-Hau;Wang, Chuan-Sheng;Hsu, Chi-Hsien;Tso, Chang-Kuo;Chen, Li-Han;Lin, Song-Hui
    貢獻者: 資訊電機學院資訊工程學系
    關鍵詞: Equations;Internet appliances;IP networks;Mathematical model;Measurement;Servers;Time factors;Training
    日期: 2014-10-01
    上傳時間: 2026-04-23 13:30:32 (UTC+8)
    出版者: Institute of Electrical and Electronics Engineers Inc.;New York: IEEE
    摘要: 摘要: A fast-flux service network (FFSN) uses dynamic DNS to map a dynamic domain, called fast-flux domain (FF domain), to various IP addresses and uses flux bots to redirect network traffic. Due to its powerful capability to conceal the hosts hidden behind the flux bots, FFSNs are widely adopted by attackers to cover various scams. Although diverse promising solutions have been proposed to detect FF domains, they face the same problem-different countermeasures could be used to bypass their detection. Hence, it becomes a critical issue to develop a new detection solution. According to our survey, unlike normal network services that use dynamic DNS to balance the workloads of their hosts, FFSNs utilize dynamic DNS to hide important bots. As a result, the response time of subsequent requests to an FF domain becomes more fluctuating. Based on the response time differences, this paper develops a new metric, Fast-Flux Score (FF-Score), to detect FF domains. Our system, called fast-flux domain detector (FFDD), is used on a computer that could be an end host or an IDS. A user with a set of unknown URLs, which may be obtained from spam or social networks, can simply determine whether they are benign domains or fast-flux ones using FFDD. Experimental results show that FFDD can accurately detect FF domains with only a 0.3% false positive rate and a 2% false negative rate. It takes less than 20 min for FFDD to determine whether a domain is an FF domain. In addition, FFDD is a lightweight stand-alone system; hence, it does not require special support from an ISP or any other network service.
    其他題名: J-SAC
    出版者: New York: IEEE
    出版日期: 2014-10
    出處: IEEE journal on selected areas in communications, 2014-10, Vol.32 (10), p.1947-1956
    資源來源: IEEE Electronic Library (IEL)
    版權: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Oct 2014
    識別號: ISSN: 0733-8716
    識別號: EISSN: 1558-0008
    識別號: DOI: 10.1109/JSAC.2014.2358814
    識別號: CODEN: ISACEM
    顯示於類別:[資訊工程學系] 期刊論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML16檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明