Genetic-based Real-time Fast-Flux Service Networks Detection

A new DNS technique called Fast-Flux Service Network (FFSN) has been employed by bot herders to hide malicious activities and extend the lifetime of malicious root servers. Although various methods have been proposed for detecting FFSNs, these mechanisms have low detection accuracy and protracted detection time. This study presents a novel detection scheme, designated as the Genetic-based ReAl-time DEtection (GRADE) system, to identify FFSNs in real time. GRADE differentiates between FFSNs and benign services by employing two new characteristics: the entropy of domains of preceding nodes for all A records and the standard deviation of round trip time to all A records. By applying genetic algorithms, GRADE is able to find the best strategy to detect current FFSN trends. Empirical results show GRADE has very high detection accuracy (similar to 98%) and gives results within a few seconds. It provides considerable improvement over existing reference schemes such Flux-Score [9], FFBD [13] and SSFD [14]. (c) 2012 Elsevier B.V. All rights reserved.