Title
Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains.
Abstract
Domain names have been exploited for illicit online activities for decades. In the past, miscreants mostly registered new domains for their attacks. However, the domains registered for malicious purposes can be deterred by existing reputation and blacklisting systems. In response to the arms race, miscreants have recently adopted a new strategy, called domain shadowing, to build their attack infrastructures. Specifically, instead of registering new domains, miscreants are beginning to compromise legitimate ones and spawn malicious subdomains under them. This has rendered almost all existing countermeasures ineffective and fragile because subdomains inherit the trust of their apex domains, and attackers can virtually spawn an infinite number of shadowed domains. In this paper, we conduct the first study to understand and detect this emerging threat. Bootstrapped with a set of manually confirmed shadowed domains, we identify a set of novel features that uniquely characterize domain shadowing by analyzing the deviation from their apex domains and the correlation among different apex domains. Building upon these features, we train a classifier and apply it to detect shadowed domains on the daily feeds of VirusTotal, a large open security scanning service. Our study highlights domain shadowing as an increasingly rampant threat. Moreover, while previously confirmed domain shadowing campaigns are exclusively involved in exploit kits, we reveal that they are also widely exploited for phishing attacks. Finally, we observe that instead of algorithmically generating subdomain names, several domain shadowing cases exploit the wildcard DNS records.
Year: 2017
DOI: 10.1145/3133956.3134049
Venue: CCS
Field: Arms race, Wildcard, Phishing, Computer science, Bootstrapping, Computer security, Exploit, Blacklisting, Classifier (linguistics), Reputation
DocType: Conference
ISBN: 978-1-4503-4946-8
Citations: 10
PageRank: 0.57
References: 41
Authors: 6
Name
Order
Citations
PageRank
Daiping Liu1534.91
Zhou Li244130.45
Kun Du3337.22
Haining Wang42574160.07
Baojun Liu5326.80
Haixin Duan623736.86