Abstract
Top domain rankings such as Alexa are frequently used in security research. Typical uses include selecting popular websites for measurement studies, and obtaining a sample of presumably “benign” domains for model training or whitelisting purposes in security systems. Consequently, an inappropriate use of these rankings can result in unwanted biases or vulnerabilities. This paper demonstrates that it is feasible to infiltrate two domain rankings with very little effort. For a domain with no real visitors, an attacker can maintain a rank in Alexa’s top 100 k domains, for instance, with seven fake users and a total of 217 fake visits per day. To remove malicious domains, multiple research studies retained only domains that had been ranked for at least one year. We find that even those domains contain entries labelled as malicious. Our results suggest that researchers should refrain from using these domain rankings to model benign behaviour.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alexa top 1 million download. http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
Amazon Alexa top sites. https://www.alexa.com/topsites
Are there known biases in Alexa’s traffic data? https://support.alexa.com/hc/en-us/articles/200461920-Are-there-known-biases-in-Alexa-s-traffic-data-
Cisco Umbrella top 1 million. https://s3-us-west-1.amazonaws.com/umbrella-static/index.html
How are Alexa’s traffic rankings determined? https://support.alexa.com/hc/en-us/articles/200449744-How-are-Alexa-s-traffic-rankings-determined-
Umbrella investigate API documentation. https://investigate-api.readme.io/docs/top-million-domains
Alrwais, S., et al.: Under the shadow of sunshine: understanding and detecting bulletproof hosting on legitimate service provider networks. In: Security & Privacy Symposium (2017)
Baker, L.: Manipulating Alexa traffic ratings (2006). https://www.searchenginejournal.com/manipulating-alexa-traffic-rankings/3044/
Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: finding malicious domains using passive DNS analysis. In: NDSS (2011)
Digital Point Forums: Alexa is a scam? (2010). https://forums.digitalpoint.com/threads/alexa-is-a-scam.2016206/
Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: CCS (2016)
Hao, S., et al.: Understanding the domain registration behavior of spammers. In: IMC (2013)
Heiderich, M., Frosch, T., Holz, T.: IceShield: detection and mitigation of malicious websites with a frozen DOM. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 281–300. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23644-0_15
Hubbard, D.: Cisco umbrella 1 million (2016). https://umbrella.cisco.com/blog/2016/12/14/cisco-umbrella-1-million/
Larisch, J., Choffnes, D., Levin, D., Maggs, B.M., Mislove, A., Wilson, C.: CRLite: a scalable system for pushing all TLS revocations to all browsers. In: Security & Privacy Symposium (2017)
Le Pochat, V., van Goethem, T., Tajalizadehkhoob, S., Korczynski, M., Joosen, W.: Tranco: a research-oriented top sites ranking hardened against manipulation. In: NDSS (2019)
Lee, S., Kim, J.: WarningBird: detecting suspicious URLs in Twitter stream. In: NDSS (2011)
Lever, C., Kotzias, P., Balzarotti, D., Caballero, J., Antonakakis, M.: A lustrum of malware network communication: evolution and insights. In: Security & Privacy Symposium (2017)
Lever, C., Walls, R.J., Nadji, Y., Dagon, D., McDaniel, P., Antonakakis, M.: Domain-Z: 28 registrations later. In: Security & Privacy Symposium (2016)
Li, Z., Zhang, K., Xie, Y., Yu, F., Wang, X.: Knowing your enemy: understanding and detecting malicious web advertising. In: CCS (2012)
Nadji, Y., Antonakakis, M., Perdisci, R., Lee, W.: Connected colors: unveiling the structure of criminal networks. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 390–410. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41284-4_20
Pearce, P., Ensafi, R., Li, F., Feamster, N., Paxson, V.: Augur: Internet-wide detection of connectivity disruptions. In: Security & Privacy Symposium (2017)
Pitsillidis, A., Kanich, C., Voelker, G.M., Levchenko, K., Savage, S.: Taster’s choice: a comparative analysis of spam feeds. In: IMC (2012)
Rahbarinia, B., Perdisci, R., Antonakakis, M.: Segugio: efficient behavior-based tracking of malware-control domains in large ISP networks. In: DSN (2015)
Rweyemamu, W., Lauinger, T., Wilson, C., Robertson, W., Kirda, E.: Clustering and the weekend effect: recommendations for the use of top domain lists in security research. In: Choffnes, D., Barcellos, M. (eds.) PAM 2019. LNCS, vol. 11419, pp. 161–177. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-15986-3_11
Scheitle, Q., et al.: A long way to the top: significance, structure, and stability of Internet top lists. In: IMC (2018)
SEO Chat Forums: Alexa ranking is fake? (2004). http://forums.seochat.com/alexa-ranking-49/alexa-ranking-fake-10828.html
Starov, O., Nikiforakis, N.: XHOUND: Quantifying the fingerprintability of browser extensions. In: Security & Privacy Symposium (2017)
Acknowledgements
We thank David Choffnes and Northeastern University’s ITS for assisting the authors in obtaining permission to use the university’s IP space. We also thank Ahmet Buyukkayhan for running Google Safe Browsing experiments on our behalf. This work was funded by Secure Business Austria and the National Science Foundation under grants IIS-1553088 and CNS-1703454.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Rweyemamu, W., Lauinger, T., Wilson, C., Robertson, W., Kirda, E. (2019). Getting Under Alexa’s Umbrella: Infiltration Attacks Against Internet Top Domain Lists. In: Lin, Z., Papamanthou, C., Polychronakis, M. (eds) Information Security. ISC 2019. Lecture Notes in Computer Science(), vol 11723. Springer, Cham. https://doi.org/10.1007/978-3-030-30215-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-30215-3_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30214-6
Online ISBN: 978-3-030-30215-3
eBook Packages: Computer ScienceComputer Science (R0)