
2018 | Original Paper | Book Chapter

Hiding Fast Flux Botnet in Plain Email Sight

Authors: Zhi Wang, Meilin Qin, Mengqi Chen, Chunfu Jia

Published in: Security and Privacy in Communication Networks

Publisher: Springer International Publishing


Abstract

Fast flux and domain flux are widely used as evasion techniques to conceal botnet C&C servers. But more and more machine learning schemes are now being introduced to recognize and detect fluxing botnets automatically and effectively. In this paper, we propose a novel fluxing scheme that hides the C&C server in plain email sight. Email flux tries to blend in with normal email communication. Given the excellent reputation of email servers, the malicious activity is more likely to get lost in the crowd of normal email, so DNS-based botnet detection schemes have difficulty detecting an email flux botnet. Compared to the cost of registering a public IP address or a domain, the cost of registering an email account is much lower, and an email account reveals less geolocation information. We also introduce an asymmetric encryption strategy to fortify the DGA, preventing adversaries from taking down the botnet by registering email accounts before the bot master does. Finally, we discuss possible future countermeasures to mitigate email flux.
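The abstract describes two mechanisms: a DGA that produces rendezvous email account names instead of domain names, and an asymmetric-key scheme so that an adversary who registers a predicted account before the bot master cannot take over the bots. The paper's concrete construction is not shown on this page; the following is an added illustration of those two ideas, not the authors' code. It assumes a daily seed-plus-date hash for the account names, a 12-character lowercase local-part, and Ed25519 signatures bound to the account name and day. Nothing here talks to a mail server; it only shows why account squatting alone does not yield control of the bots.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

const alphabet = "abcdefghijklmnopqrstuvwxyz"

// AccountNames derives n candidate mailbox local-parts for one day from a seed
// shared by bots and bot master. This is the e-mail analogue of a domain-flux
// DGA: the rendezvous point is a mailbox name rather than a hostname.
// (Construction assumed for illustration; the paper's DGA is not shown here.)
func AccountNames(seed []byte, day time.Time, n int) []string {
	dayKey := []byte(day.UTC().Format("2006-01-02"))
	names := make([]string, 0, n)
	for i := 0; i < n; i++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(i))
		h := sha256.New()
		h.Write(seed)
		h.Write(dayKey)
		h.Write(idx[:])
		sum := h.Sum(nil)
		name := make([]byte, 12)
		for j := range name {
			name[j] = alphabet[int(sum[j])%len(alphabet)]
		}
		names = append(names, string(name))
	}
	return names
}

// Command is what a bot reads from the rendezvous mailbox: a payload plus an
// Ed25519 signature made with the bot master's private key.
type Command struct {
	Payload []byte
	Sig     []byte
}

// signedBytes binds a signature to one mailbox and one day, so a captured
// command cannot be replayed into a different rendezvous account or on a
// later day.
func signedBytes(account string, day time.Time, payload []byte) []byte {
	msg := []byte(day.UTC().Format("2006-01-02") + "|" + account + "|")
	return append(msg, payload...)
}

// Sign is the bot master side.
func Sign(priv ed25519.PrivateKey, account string, day time.Time, payload []byte) Command {
	return Command{Payload: payload, Sig: ed25519.Sign(priv, signedBytes(account, day, payload))}
}

// Accept is the bot side. Only commands that verify under the public key
// embedded in the bot are obeyed, so a defender who registers the predicted
// mailbox first can observe bot check-ins but cannot steer the botnet.
func Accept(pub ed25519.PublicKey, account string, day time.Time, c Command) bool {
	return ed25519.Verify(pub, signedBytes(account, day, c.Payload), c.Sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader = crypto/rand
	if err != nil {
		panic(err)
	}
	day := time.Date(2018, 1, 1, 0, 0, 0, 0, time.UTC)
	names := AccountNames([]byte("constructed-seed"), day, 3) // constructed sample seed
	fmt.Println("today's rendezvous accounts:", names)

	good := Sign(priv, names[0], day, []byte("checkin-interval=3600"))
	fmt.Println("bot master command accepted:", Accept(pub, names[0], day, good))

	// A squatter who registered names[0] first only has their own key.
	_, squatterPriv, _ := ed25519.GenerateKey(nil)
	forged := Sign(squatterPriv, names[0], day, []byte("uninstall"))
	fmt.Println("squatter command accepted:", Accept(pub, names[0], day, forged))

	// Replaying a genuine command into another predicted account also fails.
	fmt.Println("replayed command accepted:", Accept(pub, names[1], day, good))
}
```

The defensive reading of this example is the one the abstract hints at: sinkholing by pre-registration, which works against a plain DGA, only grants visibility here, so countermeasures have to act on the mail provider's side (account creation patterns, mailbox access patterns) rather than on the rendezvous names themselves.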


Metadata
Title
Hiding Fast Flux Botnet in Plain Email Sight
Authors
Zhi Wang
Meilin Qin
Mengqi Chen
Chunfu Jia
Copyright Year
2018
DOI
https://doi.org/10.1007/978-3-319-78816-6_14