Jeffrey Spaulding scite author profile

Jeffrey Spaulding

Sign up to set email alerts

|

16Publications

215Citation Statements Received

320Citation Statements Given

How they've been cited

How they cite others

Affiliations

Canisius College, University of Central Florida, University at Buffalo, State University of New York

Publications

Order By: Most citations

Exploring the Attack Surface of Blockchain: A Comprehensive Survey

¹

,

²

,

³

et al. 2020

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, Domain Name System (DNS) attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities.

Overview of Attack Surfaces in Blockchain

¹

,

²

,

³

et al. 2019

View full text Add to dashboard Cite

The Landscape of Domain Name Typosquatting: Techniques and Countermeasures

¹

,

²

,

³

2016

View full text Add to dashboard Cite

Abstract-With more than 294 million registered domain names as of late 2015, the domain name ecosystem has evolved to become a cornerstone for the operation of the Internet. Domain names today serve everyone, from individuals for their online presence to big brands for their business operations. Such ecosystem that facilitated legitimate business and personal uses has also fostered "creative" cases of misuse, including phishing, spam, hit and traffic stealing, online scams, among others. As a first step towards this misuse, the registration of a legitimatelylooking domain is often required. For that, domain typosquatting provides a great avenue to cybercriminals to conduct their crimes.In this paper, we review the landscape of domain name typosquatting, highlighting models and advanced techniques for typosquatted domain names generation, models for their monetization, and the existing literature on countermeasures. We further highlight potential fruitful directions on technical countermeasures that are lacking in the literature.

Proactive detection of algorithmically generated malicious domains

¹

,

²

,

³

et al. 2018

View full text Add to dashboard Cite

Understanding the effectiveness of typosquatting techniques

¹

,

²

,

³

2017

View full text Add to dashboard Cite

Thriving on chaos: Proactive detection of command and control domains in internet of things‐scale botnets using DRIFT

¹

,

²

,

³

et al. 2018

Trans Emerging Tel Tech

View full text Add to dashboard Cite

In this paper, we introduce DRIFT, a system for detecting command and control (C2) domain names in Internet of Things–scale botnets. Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference‐based lightweight feature for malicious C2 domain name detection. Using NXDomain query and response of a popular malware, we establish the effectiveness of our detector with 99% accuracy and as early as more than 48 hours before they are registered. Our technique serves as a tool of detection where other techniques relying on entropy or domain generating algorithms reversing are impractical.

You’ve Been Tricked! A User Study of the Effectiveness of Typosquatting Techniques

¹

,

²

,

³

2017

View full text Add to dashboard Cite

Defending Internet of Things Against Malicious Domain Names using D-FENS

¹

,

²

2018

View full text Add to dashboard Cite

12

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Copyright © 2024 scite LLC. All rights reserved.

Made with 💙 for researchers

Part of the Research Solutions Family.