OARC 26 (Madrid)

Survey of DNS abuse types from a TLD point of view

15 May 2017, 14:45

15m

Standard Presentation Public Workshop Public Workshop: Security and Privacy

Speaker

Dr Giovane Moura (SIDN Labs)

Description

Please see paper at[1] ,and blogpost at [2] But in short, this is a concise survey paper on the forms of DNS abuse and their relation with TLD operators. We show how we can use the datasets we have in hand to detect these sorts of abuse, and how each of them have different business models that leave distinct traces on our datasets. IMHO, I think other TLD operators may benefit from that. Please keep in mind that this is a short paper (6 pages) to be presented at the DISSEC2017 workshop, co-hosted with IEEE IM 2017. [1] https://www.sidnlabs.nl/downloads/papers-reports/dissect2017.pdf [2] https://www.sidnlabs.nl/a/weblog/survey-of-dns-abuse-types?language_id=2

Summary

Hidden behind domain names, there are lucrative (and ingenious) business models that misuse/abuse the DNS namespace and employ a diversified form of monetization. To curb some of those abuses, many research works have been proposed. However, while having a clear contribution and advancing the state-of-the-art, these works are constrained by their limited datasets and none of them present a survey on the forms of DNS abuse. In this paper, we address these limitations by presenting a case study in one top-level domain (TLD) operator .nl with diverse longitudinal datasets. We then cover eight business models that DNS abusers employ and their respective monetization form, and discuss how TLD operators can employ these datasets to detect these forms of abuse.

Presentation materials

Slides

moura-oarc26.pdf