Mirai and Hajime are two large botnets that came to prominence in the Fall of 2016, notably due to Mirai’s launching of several large DDoS attacks. The propagation method of the two botnets is similar, drawing upon poor security measures in IoT devices. While reverseengineering efforts have detailed the propagation logic, measuring the actual growth of each botnet remains difficult, with curren...

The Internet Domain Name System (DNS) is an essential part of the Internet infrastructure. Each web site or email lookup involves traversing a tree-structured distributed database to complete the mapping from a hostname to an IP address. The root and top level domain (TLD) nameservers form the highest level of authority over the Internet naming hierarchy, and are thus potentially involved in re...

This paper describes an attack concept termed Drive-by Pharming where an attacker sets up a web page that, when simply viewed by the victim (on a JavaScript-enabled browser), attempts to change the DNS server settings on the victim’s home broadband router. As a result, future DNS queries are resolved by a DNS server of the attacker’s choice. The attacker can direct the victim’s Internet traffic...

We present the current estimates of the Galactic merger rate of double-neutron-star (DNS) systems. Using a statistical analysis method, we calculate the probability distribution function (PDF) of the rate estimates, which allows us to assign confidence intervals to the rate estimates. We calculate the Galactic DNS merger rate based on the three known systems B1913+16, B1534+12, and J0737-3039. ...

Botnet has become one major Internet security issue in recent years. Although signature-based solutions are accurate, it is not possible to detect bot variants in real-time. In this paper, we propose behavior-based botnet detection in parallel (BBDP). BBDP adopts a fuzzy pattern recognition approach to detect bots. It detects a bot based on anomaly behavior in DNS queries and TCP requests. With...

Anycast is widely used in critical Internet infrastructures, including root DNS servers, to improve their scalability, resilience, and geographic proximity to clients. In practice, anycast depends on interdomain routing to direct clients to their “closest” sites. As a result, anycast’s performance is largely a result of available BGP routes. We provide what we believe to be the first longitudin...

Privacy leaks are an unfortunate and an integral part of the current Internet domain name resolution. Each DNS query generated by a user reveals – to one or more DNS servers – the origin and target of that query. Over time, a user’s browsing behavior might be exposed to entities with little or no trust. Current DNS privacy leaks stem from fundamental features of DNS and are not easily fixable b...

Denial-of-Service attacks have rapidly increased in terms of frequency and intensity, steadily becoming one of the biggest threats to Internet stability and reliability. However, a rigorous comprehensive characterization of this phenomenon, and of countermeasures to mitigate the associated risks, faces many infrastructure and analytic challenges. We make progress toward this goal, by introducin...