Shijie Zhou - University of Electronic Science and Technology of China
Jan 27, 2010
"Fast-flux" refers to rapidly assign different IP addresses to the same domain name. Although some legitimate uses with this technique are known, it has within the recent years become a favorite tool for cyber criminals to launch collaborative attacks. After it was first observed by Honeynet, it was reported that fast-flux has been used in phishing, malware spreading, spam, and other malicious activities linked to criminal organizations. Combining with peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection, fast-flux makes Internet attacks more resistant to discovery and counter-measure.
This discussion will introduce the comprehensive survey on fast-flux attacks. Some important issues including technical background, classification, characterization, detection and measurement, and mitigation are discussed. Challenges of detecting and mitigating fast-flux attack are also pointed out. Some our current researches, including modeling and detecting fast-flux attack, is also addressed.
About the Speaker
Shijie Zhou is an associate professor and deputy dean in the school of computer science and engineering (http://www.ccse.uestc.edu.cn) at University of Electronic Science and Technology of China (http://www.uestc.edu.cn). Currently he is also a visiting scholar in the department of computer science at Purdue University. He received his Ph.D. in computer science from UESTC in 2004. His research interests include network security and distributed computing.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...