HRB-EM Fast-Flux Scoring Model
Abstract— In recent years, DNS misuse has increased significantly, and the Domain Name System, due to its special properties, has become one of the most attractive areas for hackers and botmasters. Current botnets use two main strategies for intrusion and for gaining C&C of victims' machines: DGA (Domain Name Generation Algorithm) and fast-fluxing. In this paper, we propose a new model for detecting fast-flux service networks, which we call HRB-EM. The accuracy of this model is 99.71%, with a 0.86% false positive rate and a 0.09% false negative rate.
Index Terms— Network security, botnet, DNS, fast-flux
Hamid Reza Bolhasani, Ebrahim Mahdipour
Department of Computer Engineering, Science and Research Branch, Islamic Azad University, Iran
Cite: Hamid Reza Bolhasani, Ebrahim Mahdipour, "HRB-EM Fast-Flux Scoring Model," Proceedings of 2018 the 8th International Workshop on Computer Science and Engineering, pp. 417-422, Bangkok, 28-30 June, 2018.