A self-healing, self-protecting collaborative intrusion detection architecture to trace-back fast-flux phishing domains

Abstract

Millions of users divulge their personal information on phishing websites, which causes over a billion dollars loss every year. Phishing domain take-down is the most promising approach to address this security issue, since there will be nothing there for a misled user to see if the fraudulent website has been removed completely. A key part of the take-down procedure is phishing hosting system trace-back. Traditional phishing hosting machines can be identified relatively quickly by their public DNS name or directly if their IP address is embedded within spam email. However, a newer architectural innovation known as fastflux networks uses a pool of compromised machines to hide the phishing web..