Domain-Z: 28 Registrations Later: Measuring the Exploitation of Residual Trust in Domains

Authors: Chaz Lever, Robert Walls, Yacin Nadji, David Dagon, Patrick McDaniel

DOI: 10.1109/SP.2016.47

Keywords: Residual; Server; Internet privacy; Exploit; Computer science; Computer security; Domain Name System; Electronic mail; The Internet; Domain (software engineering); Malware

Abstract: Any individual that re-registers an expired domain implicitly inherits the residual trust associated with the domain's prior use. We find that adversaries can, and do, use malicious re-registration to exploit domain ownership changes, undermining the security of both users and systems. In fact, we find that many seemingly disparate security problems share a root cause in residual trust abuse. With this study we shed light on this largely unnoticed problem by measuring the scope and growth of this abuse over the past six years. During this time, we identified 27,758 domains from public blacklists and 238,279 domains resolved by malware that were then maliciously re-registered. To help address this problem, we propose a technical remedy and discuss several policy remedies. For the former, we develop Alembic, a lightweight algorithm that uses only passive observations of the Domain Name System (DNS) to flag potential ownership changes. We identify several instances of residual trust abuse using this algorithm, including an APT domain that could be used to revive existing infections.
