The authors use Passive DNS to log domain name query history of real campus network environment, and construct eighteen feature sets grouping by diversity, time, growth, and relevance, and then propose a model detect Fast-Flux Domains using random forest algorithm. The result shows that the proposed model can classify domains with accuracy over 90% by cross validation experiments. The model can detect Fast-Flux domains in the datasets used in this study more effectively compared with Fluxbuster.
