On the Potential of Proactive Domain Blacklisting
نویسندگان
چکیده
In this paper we explore the potential of leveraging properties inherent to domain registrations and their appearance in DNS zone files to predict the malicious use of domains proactively, using only minimal observation of known-bad domains to drive our inference. Our analysis demonstrates that our inference procedure derives on average 3.5 to 15 new domains from a given known-bad domain. 93% of these inferred domains subsequently appear suspect (based on third-party assessments), and nearly 73% eventually appear on blacklists themselves. For these latter, proactively blocking based on our predictions provides a median headstart of about 2 days versus using a reactive blacklist, though this gain varies widely for
منابع مشابه
Proactive Discovery of Phishing Related Domain Names
Phishing is an important security issue to the Internet, which has a significant economic impact. The main solution to counteract this threat is currently reactive blacklisting; however, as phishing attacks are mainly performed over short periods of time, reactive methods are too slow. As a result, new approaches to early identify malicious websites are needed. In this paper a new proactive dis...
متن کاملIdentifying New Spam Domains by Hosting IPs: Improving Domain Blacklisting
This paper studies the possibility of using hosting IP addresses to identify potential spam domains. Current domain blacklisting may not be effective if spammers keep replacing blacklisted domains with newly registered domains. In this study, we cluster spam domains based on their hosting IP addresses and associated email subjects. We found some hosting IP addresses were heavily used by spammer...
متن کاملEmpirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting
Using ground truth sales data for over 40K unlicensed prescription pharmaceuticals sites, we present an economic analysis of two aspects of domain abuse in the online counterfeit drug market. First, we characterize the nature of domains abused by affiliate spammers to monetize what is evidently an overwhelming demand for these drugs. We found that the most successful affiliates are agile in ada...
متن کاملNo Negotiation, Limited Negotiation, and Extended Negotiation in Proactive Focus on Form in Vocabulary Acquisition
Negotiation, as an interactional strategy and proactive focus on form (FoF) have received increased attention in second language research. The combination of negotiation and proactive FoF, however, has not been examined in relation to L2 vocabulary learning. To address this gap, the present study investigated how the amount of negotiation and proactive FoF impacted learners’ vocabulary knowledg...
متن کاملA Survey of Anonymous Blacklisting Systems
Anonymous communications networks, such as Tor, help to solve the real and important problem of enabling users to communicate privately over the Internet. However, by doing so, they also introduce an entirely new problem: How can service providers on the Internet allow anonymous access while protecting themselves against abuse by misbehaving anonymous users? Recent research efforts have propose...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010