Nov 29 – 30, 2021
UTC timezone
OARC 36 Day 1 - begins 14:00 UTC Today 29 November

A Measurement-based Investigation of DNS Hijacking

Nov 29, 2021, 3:25 PM
Standard Presentation Online Workshop OARC 36 Day 1


Shuai Hao (Old Dominion University)


Attacks against DNS have long plagued the Internet, requiring continual investigation and vigilance to prevent the abuse of this critical infrastructure. In recent years, the severity of DNS hijacking has motivated renewed interest in developing more robust defenses. The size, dynamism, and diversity of the DNS ecosystem present nontrivial challenges to crafting an effective and scalable defense. Further, the relative rarity of documented DNS hijacking attacks makes them difficult to study in-depth. In this study, we attempt to address the challenges in two thrusts. We first conduct an analysis based on the reports of confirmed DNS hijacking attacks and passive DNS records to characterize known DNS hijacking attacks and identify features for building defense mechanisms. Then we explore the extent to which the characteristic features can be used to build a DNS hijacking detection mechanism and evaluate its effectiveness from the perspective of a network gateway.

Primary author

Shuai Hao (Old Dominion University)

Presentation materials