论文信息 - DomainChroma: Providing Optimal Countermeasures against Malicious Domain Names

DomainChroma: Providing Optimal Countermeasures against Malicious Domain Names

Domain names and domain name system (DNS) have been used and abused for over 30 years since the 1980s. Although legitimate Internet users rely on domain names as their indispensable infrastructures for using the Internet, attackers use or abuse them as reliable, instantaneous, and distributed attack infrastructure. However, there is a lack of complete understanding of such domain name abuses and the methods for coping with them. In this paper, we design and implement a unified and objective analysis pipeline combining the existing defense solutions to realize practical and optimal defenses against today's malicious domain names. The basic concept underlying our novel analytical approach is malicious domain names' chromatography. Our new analysis pipeline can distinguish among mixtures of malicious domain names for websites. On the basis of this concept, we do not create a hodgepodge of existing solutions but design separation of abused domain names and offer defense information by considering the characteristics of malicious domain names as well as the possible defense solutions and points of defense. Finally, we evaluate our analysis pipeline and output defense information using a large and real dataset to show the effectiveness and validity of our proposed approach.

[1] Wouter Joosen,et al. Parking Sensors: Analyzing and Detecting Parked Domains , 2015, NDSS.

[2] Chris Kanich,et al. The Long "Taile" of Typosquatting Domain Names , 2014, USENIX Security Symposium.

[3] Jian Jiang,et al. Forwarding-Loop Attacks in Content Delivery Networks , 2016, NDSS.

[4] Leyla Bilge,et al. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis , 2011, NDSS.

[5] Mitsuaki Akiyama,et al. DomainProfiler: Discovering Domain Names Abused in Future , 2016, 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[6] Fang Yu,et al. Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures , 2013, 2013 IEEE Symposium on Security and Privacy.

[7] Stefano Zanero,et al. Phoenix: DGA-Based Botnet Tracking and Intelligence , 2014, DIMVA.

[8] Christo Wilson,et al. Tracing Information Flows Between Ad Exchanges Using Retargeted Ads , 2018, USENIX Security Symposium.

[9] Christian Rossow,et al. RUHR-UNIVERSITÄT BOCHUM , 2014 .

[10] Vern Paxson,et al. Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension , 2016, WWW.

[11] Nick Feamster,et al. Building a Dynamic Reputation System for DNS , 2010, USENIX Security Symposium.

[12] Nick Feamster,et al. PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration , 2016, CCS.