TIDE: Threat Identification Using Active DNS Measurements, poster submission to SIGCOMM 2017

TIDE: Threat Identification Using Active DNS Measurements, poster submission to SIGCOMM 2017

Poster submitted to SIGCOMM 2017

The Domain Name System contains a wealth of information about the security, stability and health of the Internet. Most research that leverages the DNS for detection of malicious activities does so by using passive measurements. The limitation of this approach, however, is that it is effective only once an attack is ongoing. In this paper, we explore a different approach. We advocate the use of active DNS measurements for pro-active (i.e., before the actual attack) identification of domains set up for malicious use. Our research makes uses of data from the OpenINTEL large-scale active DNS measurement platform, which, since February 2015, collects daily snapshots of currently more than 60% of the DNS namespace. We illustrate the potential of our approach by showing preliminary results in three case studies, namely snowshoe spam, denial of service attacks and a case of targeted phishing known as CEO fraud.

This is the first publication for this project. A poster submission to SIGCOMM 2017. Clicking the image will show the full resolution poster. Clicking here will take you to the poster abstract. Below are the details of the publication.

Title TIDE: Threat Identification Using Active DNS Measurements
Authors Anna Sperotto, Olivier van der Toorn, Roland van Rijswijk-Deij
Publication date 2017/8/22
Conference Proceedings of the SIGCOMM Posters and Demos
Pages 65-67
Publisher ACM
Comments are closed.