Skip to main content
SpringerLink
Log in

Getting Under Alexa’s Umbrella: Infiltration Attacks Against Internet Top Domain Lists

  • Conference paper
  • First Online:
Book cover Information Security (ISC 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11723))

Included in the following conference series:

Abstract

Top domain rankings such as Alexa are frequently used in security research. Typical uses include selecting popular websites for measurement studies, and obtaining a sample of presumably “benign” domains for model training or whitelisting purposes in security systems. Consequently, an inappropriate use of these rankings can result in unwanted biases or vulnerabilities. This paper demonstrates that it is feasible to infiltrate two domain rankings with very little effort. For a domain with no real visitors, an attacker can maintain a rank in Alexa’s top 100 k domains, for instance, with seven fake users and a total of 217 fake visits per day. To remove malicious domains, multiple research studies retained only domains that had been ranked for at least one year. We find that even those domains contain entries labelled as malicious. Our results suggest that researchers should refrain from using these domain rankings to model benign behaviour.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Alexa top 1 million download. http://s3.amazonaws.com/alexa-static/top-1m.csv.zip

  2. Amazon Alexa top sites. https://www.alexa.com/topsites

  3. Are there known biases in Alexa’s traffic data? https://support.alexa.com/hc/en-us/articles/200461920-Are-there-known-biases-in-Alexa-s-traffic-data-

  4. Cisco Umbrella top 1 million. https://s3-us-west-1.amazonaws.com/umbrella-static/index.html

  5. How are Alexa’s traffic rankings determined? https://support.alexa.com/hc/en-us/articles/200449744-How-are-Alexa-s-traffic-rankings-determined-

  6. Umbrella investigate API documentation. https://investigate-api.readme.io/docs/top-million-domains

  7. Alrwais, S., et al.: Under the shadow of sunshine: understanding and detecting bulletproof hosting on legitimate service provider networks. In: Security & Privacy Symposium (2017)

    Google Scholar 

  8. Baker, L.: Manipulating Alexa traffic ratings (2006). https://www.searchenginejournal.com/manipulating-alexa-traffic-rankings/3044/

  9. Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: finding malicious domains using passive DNS analysis. In: NDSS (2011)

    Google Scholar 

  10. Digital Point Forums: Alexa is a scam? (2010). https://forums.digitalpoint.com/threads/alexa-is-a-scam.2016206/

  11. Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: CCS (2016)

    Google Scholar 

  12. Hao, S., et al.: Understanding the domain registration behavior of spammers. In: IMC (2013)

    Google Scholar 

  13. Heiderich, M., Frosch, T., Holz, T.: IceShield: detection and mitigation of malicious websites with a frozen DOM. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 281–300. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23644-0_15

    Chapter  Google Scholar 

  14. Hubbard, D.: Cisco umbrella 1 million (2016). https://umbrella.cisco.com/blog/2016/12/14/cisco-umbrella-1-million/

  15. Larisch, J., Choffnes, D., Levin, D., Maggs, B.M., Mislove, A., Wilson, C.: CRLite: a scalable system for pushing all TLS revocations to all browsers. In: Security & Privacy Symposium (2017)

    Google Scholar 

  16. Le Pochat, V., van Goethem, T., Tajalizadehkhoob, S., Korczynski, M., Joosen, W.: Tranco: a research-oriented top sites ranking hardened against manipulation. In: NDSS (2019)

    Google Scholar 

  17. Lee, S., Kim, J.: WarningBird: detecting suspicious URLs in Twitter stream. In: NDSS (2011)

    Google Scholar 

  18. Lever, C., Kotzias, P., Balzarotti, D., Caballero, J., Antonakakis, M.: A lustrum of malware network communication: evolution and insights. In: Security & Privacy Symposium (2017)

    Google Scholar 

  19. Lever, C., Walls, R.J., Nadji, Y., Dagon, D., McDaniel, P., Antonakakis, M.: Domain-Z: 28 registrations later. In: Security & Privacy Symposium (2016)

    Google Scholar 

  20. Li, Z., Zhang, K., Xie, Y., Yu, F., Wang, X.: Knowing your enemy: understanding and detecting malicious web advertising. In: CCS (2012)

    Google Scholar 

  21. Nadji, Y., Antonakakis, M., Perdisci, R., Lee, W.: Connected colors: unveiling the structure of criminal networks. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 390–410. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41284-4_20

    Chapter  Google Scholar 

  22. Pearce, P., Ensafi, R., Li, F., Feamster, N., Paxson, V.: Augur: Internet-wide detection of connectivity disruptions. In: Security & Privacy Symposium (2017)

    Google Scholar 

  23. Pitsillidis, A., Kanich, C., Voelker, G.M., Levchenko, K., Savage, S.: Taster’s choice: a comparative analysis of spam feeds. In: IMC (2012)

    Google Scholar 

  24. Rahbarinia, B., Perdisci, R., Antonakakis, M.: Segugio: efficient behavior-based tracking of malware-control domains in large ISP networks. In: DSN (2015)

    Google Scholar 

  25. Rweyemamu, W., Lauinger, T., Wilson, C., Robertson, W., Kirda, E.: Clustering and the weekend effect: recommendations for the use of top domain lists in security research. In: Choffnes, D., Barcellos, M. (eds.) PAM 2019. LNCS, vol. 11419, pp. 161–177. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-15986-3_11

    Chapter  Google Scholar 

  26. Scheitle, Q., et al.: A long way to the top: significance, structure, and stability of Internet top lists. In: IMC (2018)

    Google Scholar 

  27. SEO Chat Forums: Alexa ranking is fake? (2004). http://forums.seochat.com/alexa-ranking-49/alexa-ranking-fake-10828.html

  28. Starov, O., Nikiforakis, N.: XHOUND: Quantifying the fingerprintability of browser extensions. In: Security & Privacy Symposium (2017)

    Google Scholar 

Download references

Acknowledgements

We thank David Choffnes and Northeastern University’s ITS for assisting the authors in obtaining permission to use the university’s IP space. We also thank Ahmet Buyukkayhan for running Google Safe Browsing experiments on our behalf. This work was funded by Secure Business Austria and the National Science Foundation under grants IIS-1553088 and CNS-1703454.

Author information

Authors and Affiliations

  1. Northeastern University, Boston, MA, USA

    Walter Rweyemamu, Tobias Lauinger, Christo Wilson, William Robertson & Engin Kirda

Authors
  1. Walter Rweyemamu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tobias Lauinger
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christo Wilson
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. William Robertson
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Engin Kirda
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Walter Rweyemamu .

Editor information

Editors and Affiliations

  1. The Ohio State University, Columbus, OH, USA

    Zhiqiang Lin

  2. University of Maryland, College Park, MD, USA

    Charalampos Papamanthou

  3. Stony Brook University, Stony Brook, NY, USA

    Michalis Polychronakis

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Rweyemamu, W., Lauinger, T., Wilson, C., Robertson, W., Kirda, E. (2019). Getting Under Alexa’s Umbrella: Infiltration Attacks Against Internet Top Domain Lists. In: Lin, Z., Papamanthou, C., Polychronakis, M. (eds) Information Security. ISC 2019. Lecture Notes in Computer Science(), vol 11723. Springer, Cham. https://doi.org/10.1007/978-3-030-30215-3_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-30215-3_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30214-6

  • Online ISBN: 978-3-030-30215-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation