DOI: 10.1145/3133956.3134049 (research article, CCS conference proceedings)

Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains

Published: 30 October 2017

Abstract

Domain names have been exploited for illicit online activities for decades. In the past, miscreants mostly registered new domains for their attacks. However, domains registered for malicious purposes can be deterred by existing reputation and blacklisting systems. In response to this arms race, miscreants have recently adopted a new strategy, called domain shadowing, to build their attack infrastructures. Specifically, instead of registering new domains, miscreants compromise legitimate ones and spawn malicious subdomains under them. This has rendered almost all existing countermeasures ineffective and fragile, because subdomains inherit the trust of their apex domains and attackers can spawn a virtually unlimited number of shadowed domains.
In this paper, we conduct the first study to understand and detect this emerging threat. Bootstrapped with a set of manually confirmed shadowed domains, we identify a set of novel features that uniquely characterize domain shadowing by analyzing the deviation of shadowed subdomains from their apex domains and the correlation among different apex domains. Building upon these features, we train a classifier and apply it to detect shadowed domains on the daily feeds of VirusTotal, a large open security scanning service. Our study highlights domain shadowing as an increasingly rampant threat. Moreover, while previously confirmed domain shadowing campaigns were exclusively involved in exploit kits, we reveal that they are also widely exploited for phishing attacks. Finally, we observe that instead of algorithmically generating subdomain names, several domain shadowing cases exploit wildcard DNS records.
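As an added illustration (not the paper's code or its actual feature set), the following Python shows two defender-side signals the abstract points at: subdomains whose resolution deviates from the apex domain's own hosting, and wildcard-style resolution of labels that were never published. All records are constructed; the /24 grouping and the probe-result format are assumptions.

```python
# Added example, not from the paper: two checks that follow the abstract's
# observations about shadowed subdomains. Input is a constructed list of
# (name, resolved IP) records in a passive-DNS-like form.
from collections import defaultdict
import ipaddress

# Constructed sample records for one apex domain. The apex and its long-lived
# service names resolve inside the owner's own prefix; a burst of unrelated
# labels resolves elsewhere, the kind of deviation the abstract refers to.
RECORDS = [
    ("example.test", "198.51.100.10"),
    ("www.example.test", "198.51.100.10"),
    ("mail.example.test", "198.51.100.25"),
    ("q7hx2.example.test", "203.0.113.77"),
    ("mmb1z.example.test", "203.0.113.77"),
    ("kdf93.example.test", "203.0.113.78"),
    ("tr22x.example.test", "203.0.113.77"),
]


def apex_networks(records, apex, prefixlen=24):
    """Networks (assumed /24 granularity) in which the apex itself resolves."""
    return {
        ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        for name, ip in records
        if name == apex
    }


def deviating_subdomains(records, apex, prefixlen=24):
    """Subdomains of `apex` none of whose observed IPs fall inside the
    networks where the apex itself is hosted."""
    nets = apex_networks(records, apex, prefixlen)
    ips_by_name = defaultdict(set)
    for name, ip in records:
        if name != apex and name.endswith("." + apex):
            ips_by_name[name].add(ipaddress.ip_address(ip))
    return sorted(
        name
        for name, ips in ips_by_name.items()
        if not any(ip in net for ip in ips for net in nets)
    )


def looks_like_wildcard(probe_results, apex):
    """Wildcard heuristic: several random, never-published labels under the
    apex all resolve, and all to the same answer set. `probe_results` maps
    each probed name to the set of IPs it returned (constructed here; a live
    check would query a resolver with freshly generated labels)."""
    answers = [
        frozenset(ips) for name, ips in probe_results.items()
        if name.endswith("." + apex)
    ]
    return len(answers) >= 3 and all(answers) and len(set(answers)) == 1


if __name__ == "__main__":
    print("deviating:", deviating_subdomains(RECORDS, "example.test"))
```

Neither signal alone is proof of shadowing; a CDN or a legitimate wildcard can produce the same pattern, which is why the paper combines many features in a classifier.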

Supplemental Material: MP4 file



Published In
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
October 2017
2682 pages
ISBN:9781450349468
DOI:10.1145/3133956
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. dns
  2. domain hijacking
  3. domain shadowing

Conference

CCS '17

Acceptance Rates

CCS '17 paper acceptance rate: 151 of 836 submissions, 18%
Overall acceptance rate: 1,261 of 6,999 submissions, 18%

Article Metrics

  • Downloads (last 12 months): 49
  • Downloads (last 6 weeks): 8
Reflects downloads up to 03 Mar 2025

Cited By
  • (2024) Characterizing and Mitigating Phishing Attacks at ccTLD Scale. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pp. 2147-2161. DOI: 10.1145/3658644.3690192. Online publication date: 2 Dec 2024.
  • (2024) The search term 'suicide' is being used to lead web browsers to online casinos. Behaviour & Information Technology 43(16), pp. 4033-4044. DOI: 10.1080/0144929X.2023.2298307. Online publication date: 5 Jan 2024.
  • (2023) Wolf in Sheep's Clothing: Evaluating Security Risks of the Undelegated Record on DNS Hosting Services. Proceedings of the 2023 ACM on Internet Measurement Conference, pp. 188-197. DOI: 10.1145/3618257.3624839. Online publication date: 24 Oct 2023.
  • (2023) Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates. 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1480-1489. DOI: 10.1109/TrustCom60117.2023.00202. Online publication date: 1 Nov 2023.
  • (2023) IDTracker: Discovering Illicit Website Communities via Third-party Service IDs. 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 459-469. DOI: 10.1109/DSN58367.2023.00050. Online publication date: Jun 2023.
  • (2022) Evaluating the Effectiveness of Handling Abusive Domain Names by Internet Entities. Electronics 11(8), article 1172. DOI: 10.3390/electronics11081172. Online publication date: 7 Apr 2022.
  • (2022) Clues in Tweets. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 2751-2764. DOI: 10.1145/3548606.3559351. Online publication date: 7 Nov 2022.
  • (2022) Generative adversarial networks for subdomain enumeration. Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, pp. 1636-1645. DOI: 10.1145/3477314.3506967. Online publication date: 25 Apr 2022.
  • (2022) Hide and Seek: Revisiting DNS-based User Tracking. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P), pp. 188-205. DOI: 10.1109/EuroSP53844.2022.00020. Online publication date: Jun 2022.
  • (2022) A Byte-level Autoencoder-based Method to Detect Malicious Open Resolver. 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp. 317-322. DOI: 10.1109/CSCWD54268.2022.9776266. Online publication date: 4 May 2022.
