Monitoring the initial DNS behavior of malicious domains

Authors: Shuang Hao, Nick Feamster, Ramakant Pandrangi

DOI: 10.1145/2068816.2068842

Abstract: Attackers often use URLs to advertise scams or propagate malware. Because the reputation of a domain can be used to identify malicious behavior, miscreants often register these domains "just in time" before an attack. This paper explores the DNS behavior of attack domains, as identified by appearance in a spam trap, shortly after the domains were registered. We explore the behavioral properties of these domains from two perspectives: (1) the DNS infrastructure associated with the domain, as is observable from the resource records; and (2) the DNS lookup patterns from networks who are looking up the domains initially. Our analysis yields many findings that may ultimately be useful for early detection of malicious domains. By monitoring the infrastructure for these malicious domains, we find that about 55% of scam domains occur in attacks at least one day after registration, suggesting the potential for early discovery of malicious domains, solely based on properties of the DNS infrastructure that resolves those domains. We also find that there are a few regions of IP address space that host name servers and other types of records for only malicious domains. Malicious domains have resource records that are distributed more widely across IP address space, and they are more quickly looked up by a variety of different networks. We also identify a set of "tainted" ASes that are heavily used for bad domains to host resource records. The features we observe are often evident before any attack even takes place; ultimately, they might serve as the basis for a DNS-based early warning system for attacks.
