JOURNAL OF NETWORKS (JNW)
ISSN : 1796-2056
Volume : 4    Issue : 1    Date : February 2009

Collaborative Detection of Fast Flux Phishing Domains
Chenfeng Vincent Zhou, Christopher Leckie, and Shanika Karunasekera
Page(s): 75-84
Full Text:
PDF (756 KB)


Abstract
Phishing is a significant security threat to users of Internet services. Nowadays, phishing has
become more resilient to detection and trace-back with the invention of Fast Flux (FF) service
networks. We propose two approaches to correlate evidence from multiple DNS servers and
multiple suspect FF domains. Real-world experiments show that our correlation approaches
speed-up FF domain detection, based on an analytical model that we propose to quantify the
number of DNS queries needed to confirm a FF domain. We also show how our correlation scheme
can be implemented on a large scale by using a decentralized publish-subscribe correlation model
called LarSID, which is more scalable than a fully centralized architecture.

Index Terms
phishing, fast flux service networks, collaborative intrusion detection, round-robin DNS