DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic

Chen, Yizheng; Antonakakis, Manos; Perdisci, Roberto; Nadji, Yacin; Dagon, David; Lee, Wenke

doi:10.1109/dsn.2014.61

Cited by 42 publications

(13 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Refs. [15] described and built a disposable zone miner to automatically find disposable domain names in 2014. Their passive DNS data collection systems captured the above and below traffic of the recursive DNS server related to a large ISP in the Midwestern US.…”

Section: The Passive Measurementmentioning

confidence: 99%

A Light-weighted Data Collection Method for DNS Simulation on the Cyber Range

Li¹,

Du²,

Huang³

et al. 2020

KSII TIIS

View full text Add to dashboard Cite

The method of DNS data collection is one of the most important parts of DNS simulation. DNS data contains a lot of information. When it comes to analyzing the DNS security issues by simulation on the cyber range with customized features, we only need some of them, such as IP address, domain name information, etc. Therefore, the data we need are supposed to be light-weighted and easy to manipulate. Many researchers have designed different schemes to obtain their datasets, such as LDplayer and Thales system. However, existing solutions consume excessive computational resources, which are not necessary for DNS security simulation. In this paper, we propose a light-weighted active data collection method to prepare the datasets for DNS simulation on cyber range. We evaluate the performance of the method and prove that it can collect DNS data in a short time and store the collected data at a lower storage cost. In addition, we give two examples to illustrate how our method can be used in a variety of applications.

show abstract

Section: The Passive Measurementmentioning

confidence: 99%

A Light-weighted Data Collection Method for DNS Simulation on the Cyber Range

Li¹,

Du²,

Huang³

et al. 2020

KSII TIIS

View full text Add to dashboard Cite

show abstract

“…We trained the classifier with 17 classes, including 16 malware families and one manually labeled benign class. We labeled benign class from clusters containing mixture of all kinds of benign domains, as well as clusters containing disposable domains (e.g., DNS queries to Anti-Virus online reputation products [19]).…”

Section: Reimplementing Pleiadesmentioning

confidence: 99%

Practical Attacks Against Graph-based Clustering

Chen

Nadji

Kountouras

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

Graph modeling allows numerous security problems to be tackled in a general way, however, little work has been done to understand their ability to withstand adversarial attacks. We design and evaluate two novel graph attacks against a state-of-the-art network-level, graph-based detection system. Our work highlights areas in adversarial machine learning that have not yet been addressed, specifically: graph-based clustering techniques, and a global feature space where realistic attackers without perfect knowledge must be accounted for (by the defenders) in order to be practical. Even though less informed attackers can evade graph clustering with low cost, we show that some practical defenses are possible.Comment: ACM CCS 201

show abstract

“…On the plus side, this active monitoring contains no personally identifiable information of the senders. Moreover, we can control DNS queries so as not to contain disposable domain names [13], which are non-informative and negatively affect the database. For example, disposable domain names are onetime domain names automatically generated to obtain a user's environmental information by using certain antivirus products and web services.…”

Section: Monitoring Modulementioning

confidence: 99%

DomainProfiler: toward accurate and early discovery of domain names abused in future

Chiba

Yagi

Akiyama

et al. 2017

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Domain names are at the base of today's cyber-attacks. Attackers abuse the domain name system (DNS) to mystify their attack ecosystems; they systematically generate a huge volume of distinct domain names to make it infeasible for blacklisting approaches to keep up with newly generated malicious domain names. To solve this problem, we propose DomainProfiler for discovering malicious domain names that are likely to be abused in future. The key idea with our system is to exploit temporal variation patterns (TVPs) of domain names. The TVPs of domain names include information about how and when a domain name has been listed in legitimate/popular and/or malicious domain name lists. On the basis of this idea, our system actively collects historical DNS logs, analyzes their TVPs, and predicts whether a given domain name will be used for malicious purposes. Our evaluation revealed that DomainProfiler can predict malicious domain names 220 days beforehand with a true positive rate of 0.985. Moreover, we verified the effectiveness of our system in terms of the benefits from our TVPs and defense against cyber-attacks.

show abstract

DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic

Cited by 42 publications

References 13 publications

A Light-weighted Data Collection Method for DNS Simulation on the Cyber Range

A Light-weighted Data Collection Method for DNS Simulation on the Cyber Range

Practical Attacks Against Graph-based Clustering

DomainProfiler: toward accurate and early discovery of domain names abused in future

Contact Info

Product

Resources

About