Browsed by
Tag: spam

Threat Identification Using Active DNS Measurements

The DNS is a core service for the Internet. Most uses of the DNS are benign, but some are malicious. Attackers often use a DNS domain to enable an attack (e.g. DDoS attacks). Detection of these attacks often happens passively, but this leads to a reactive detection of attacks. However, registering and configuring a domain takes time. We want to proactively identify malicious domains during this time. Identifying malicious domains before they are used allows to pre-emptively stop…

Melting the Snow: Using Active DNS Measurements to Detect Snowshoe Spam Domains

Snowshoe spam is a type of spam that is notoriously hard to detect. Unlike regular spam, snowshoe spammers distribute the volume among many hosts in order to make detection harder. To be successful, however, spammers need to appear as legitimate as possible, for example by adopting email best practices like Sender Policy Framework (SPF). This requires spammers to register and configure legitimate DNS domains. Previous studies use DNS data to detect spam. However, this often happens based on passive…

Best Paper Award at NOMS 2018

TIDE was present at the Network Operations and Management Symposium (NOMS 2018) conference in Taipei, Taiwan. Olivier was there to present “Melting the Snow: Detecting Snowshoe Spam Domains Using Active DNS Measurements”. NOMS 2018 was held in Taipei, Taiwan, from the 23rd till the 27th of April. NOMS has been held in every even-numbered year since 1988. This was the 30th anniversary of NOMS. Our work was very well received at the conference. So well, in fact, that they gave…

TIDE goes to FOSDEM (video available)

FOSDEM is a yearly event in the last weekend of January (or the first weekend of February). FOSDEM stands for Free Open-Source Developer Europe Meeting. At the event, state-of-the-art open-source software is discussed, presented and enjoyed. This year there is a DNS devroom. On Sunday at 11:35 Olivier will hold a talk there titled ‘Melting the Snow: Using Active DNS Measurements to Detect Snowshoe Spam Domains’. Since the event is entirely free, be sure to visit! Update:…

Snowshoe Spam Detection Through DNS Measurements

Snowshoe Spam

We started the TIDE project with Snowshoe Spam domain detection. But what is Snowshoe Spam? In Snowshoe Spam, the spammer tries to spread the sending load over numerous hosts, thus reducing the amount of spam each host sends. This makes each individual host hard to detect. It means that the spammer is less likely to end up on spam reputation lists (blacklists) and is therefore able to continue spamming for longer.