DHS Conference on Cyber Security (CATCH)

How can an organization defend against cybercrime enabled by botnets operating as fast flux service networks? Milcord will present its solution for "Real-time Detection of Fast Flux Service Networks" and botnets at the Cybersecurity Applications and Technology Conference for Homeland Security conference scheduled March 3-4, 2009 in Washington, DC. Very soon afterwards we'll be announcing the beta release of our new product Fast Flux Monitor that was the foundation for our research investigation.  To find out more about our research, visit the [[Botnet Defense]] project page.

Here's the abstract:

Here we present the first empirical study of
detecting and classifying fast flux service networks
(FFSNs) in real time. FFSNs exploit a network of
compromised machines (zombies) for illegal activities
such as spam, phishing and malware delivery using
DNS record manipulation techniques. Previous studies
have focused on actively monitoring these activities
over a large window (days, months) to detect such
FFSNs and measure their footprint. In this paper, we
present a Fast Flux Monitor (FFM) that can detect and
classify a FFSN in the order of minutes using both
active and passive DNS monitoring, which
complements long term surveillance of FFSNs.