Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains

Authors: Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu

DOI: 10.1145/3133956.3134049

Keywords:

Abstract: Domain names have been exploited for illicit online activities for decades. In the past, miscreants mostly registered new domains for their attacks. However, such malicious domains can be deterred by existing reputation and blacklisting systems. In response to this arms race, miscreants have recently adopted a new strategy, called domain shadowing, to build their attack infrastructures. Specifically, instead of registering new domains, they are beginning to compromise legitimate ones and spawn malicious subdomains under them. This has rendered almost all existing countermeasures ineffective and fragile, because the subdomains inherit the trust of their apex domains and attackers can create a virtually infinite number of shadowed domains. In this paper, we conduct the first study to understand and detect this emerging threat. Bootstrapped with a set of manually confirmed shadowed domains, we identify novel features that uniquely characterize domain shadowing by analyzing the deviation of shadowed subdomains from their apex domains and the correlation among different apex domains. Building upon these features, we train a classifier and apply it on the daily feeds of VirusTotal, a large open security scanning service. Our study highlights domain shadowing as an increasingly rampant threat. Moreover, while previously known campaigns were exclusively involved in exploit kits, we reveal that shadowed domains are also widely used in phishing. Finally, we observe attackers algorithmically generating subdomain names and, in several cases, using wildcard DNS records.
