Abstract
Fast-flux networks are a domain name system (DNS) technique used by botnets to hide attack infrastructure, such as phishing and malware-delivery sites, behind a constantly changing network of compromised hosts that act as proxies and sometimes host the malicious content themselves. Detecting fast-flux networks remains difficult because their behaviour resembles that of legitimate infrastructures such as server farms and content distribution networks. This study seeks to improve the detection and prediction of unknown ("zero-day") online fast-flux botnets through a new system called the fast-flux hunter (FFH), which is built on a new adaptive evolving fuzzy neural network algorithm. The FFH is a hybrid of supervised and unsupervised online knowledge-based learning systems. Its core mechanism relies on the inherent features of fast-flux networks, drawn from a collection of DNS traffic information. The FFH is able to scan over 7615 domain records and extract 14 distinct features for each domain, and it reduces the classification method's error rate. The FFH achieves a detection accuracy of approximately 98 % and is compatible with life-long learning, low-footprint memory usage, and high-speed systems.
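The abstract does not list the 14 features the FFH extracts, so the following is an added example (not the paper's code) of the kind of per-domain DNS features a fast-flux detector derives from repeated lookups: answer TTL, distinct IPs, distinct ASNs and IP churn between successive answers. The lookup records, the prefix-to-ASN map and the thresholds in `is_flux_candidate` are all constructed assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: repeated A-record lookups of two domains over time.
# Each record is (domain, timestamp_s, ttl_s, [A records in the answer]).
LOOKUPS = [
    ("cdn-example.test", 0,   300, ["203.0.113.10", "203.0.113.11"]),
    ("cdn-example.test", 300, 300, ["203.0.113.10", "203.0.113.11"]),
    ("cdn-example.test", 600, 300, ["203.0.113.11", "203.0.113.12"]),
    ("flux-example.test", 0,   60, ["198.51.100.5", "192.0.2.77", "203.0.113.200"]),
    ("flux-example.test", 60,  60, ["192.0.2.14", "198.51.100.90", "203.0.113.7"]),
    ("flux-example.test", 120, 60, ["192.0.2.99", "198.51.100.33", "203.0.113.160"]),
]
# Constructed /24-prefix -> ASN map standing in for a real BGP/whois lookup.
ASN_OF_PREFIX = {"203.0.113": 64500, "198.51.100": 64501, "192.0.2": 64502}

def extract_features(lookups):
    """Aggregate repeated lookups into one feature dict per domain."""
    per_domain = defaultdict(list)
    for domain, ts, ttl, ips in lookups:
        per_domain[domain].append((ts, ttl, ips))
    feats = {}
    for domain, rows in per_domain.items():
        rows.sort()  # chronological order so churn compares consecutive answers
        unique_ips = {ip for _, _, ips in rows for ip in ips}
        prefixes = {ip.rsplit(".", 1)[0] for ip in unique_ips}
        asns = {ASN_OF_PREFIX.get(p, -1) for p in prefixes}
        # Churn: fraction of IPs in each answer not present in the previous answer.
        churn = [len(set(cur) - set(prev)) / len(cur)
                 for (_, _, prev), (_, _, cur) in zip(rows, rows[1:])]
        feats[domain] = {
            "mean_ttl": mean(ttl for _, ttl, _ in rows),
            "unique_ips": len(unique_ips),
            "unique_asns": len(asns),
            "ip_churn": mean(churn) if churn else 0.0,
        }
    return feats

def is_flux_candidate(f):
    """Assumed rule-of-thumb thresholds: short TTL, multi-ASN, high churn."""
    return f["mean_ttl"] <= 300 and f["unique_asns"] >= 2 and f["ip_churn"] > 0.5

if __name__ == "__main__":
    for domain, f in extract_features(LOOKUPS).items():
        print(domain, f, "FLUX" if is_flux_candidate(f) else "benign")
```

A CDN also rotates IPs, which is why TTL or IP count alone is a weak signal; the ASN spread and churn across answers are what separate the two constructed domains here.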
Acknowledgments
This work was supported by Al-Balqa Applied University, Al-huson University College, Dept. of Information Technology, 50, Irbid, Jordan.
Cite this article
Almomani, A. Fast-flux hunter: a system for filtering online fast-flux botnet. Neural Comput & Applic 29, 483–493 (2018). https://doi.org/10.1007/s00521-016-2531-1
DOI: https://doi.org/10.1007/s00521-016-2531-1