FluxBuster is a system for detecting live fast-flux networks via passive DNS traffic analysis. It is based on ISC's Security Information Exchange data-sharing project (later acquired by a company).
- A detailed description of the system can be found in:
  - Roberto Perdisci, Igino Corona, Giorgio Giacinto. "Early Detection of Malicious Flux Networks via Large-Scale Passive DNS Traffic Analysis." IEEE Transactions on Dependable and Secure Computing, 9(5), Sept.-Oct. 2012, pp. 714-726. [pdf]
- The source code can be found at https://github.com/perdisci/fluxbuster