SemOpenAlex |

SemOpenAlex

Matches in SemOpenAlex for { <https://semopenalex.org/work/W3012201245> ?p ?o ?g. }

Showing items 1 to 85 of 85 with 100 items per page.

W3012201245 abstract "The domain name system (DNS) is a crucial backbone of the Internet and millions of new domains are created on a daily basis. While the vast majority of these domains are legitimate, adversaries also register new hostnames to carry out nefarious purposes, such as scams, phishing, data stealing via DNS tunneling or other types of attacks in context of e-crime. In this paper, we present insights on the global utilization of DNS through a measurement study examining exclusively newly observed hostnames via passive DNS data analysis. We analyzed more than two billion such hostnames collected over a period of two months. Surprisingly, we find that only three second-level domains are responsible for more than half of all newly observed hostnames every day. More specifically, we found that Google's Accelerated Mobile Pages (AMP) project, the music streaming service Spotify, and a DNS tunnel provider generate the majority of new domains on the Internet. DNS tunneling is a covert channel technique to transfer arbitrary information over DNS via DNS queries and answers. This technique is often (ab)used by attackers to transfer data in a stealthy way, bypassing traditional network security systems. We find that potential DNS tunnels cause a significant fraction of the global DNS requests for new hostnames: our analysis reveals that nearly all resource record type NULL requests and more than a third of all TXT requests can be attributed to DNS tunnels. Motivated by these empirical measurement results, we propose and implement a method to identify DNS tunnels via a step-wise filtering approach that relies on general characteristics of such tunnels (e.g., number of subdomains or resource record type). Using our approach on empirical data, we successfully identified 273 suspicious domains related to DNS tunnels, including two known APT campaigns (Wekby and APT32)." @default.
W3012201245 created "2020-03-23" @default.
W3012201245 creator A5016720951 @default.
W3012201245 creator A5056790702 @default.
W3012201245 creator A5090598694 @default.
W3012201245 date "2019-11-01" @default.
W3012201245 modified "2023-10-04" @default.
W3012201245 title "Below the Radar: Spotting DNS Tunnels in Newly Observed Hostnames in the Wild" @default.
W3012201245 cites W1487185763 @default.
W3012201245 cites W1907846276 @default.
W3012201245 cites W1970499440 @default.
W3012201245 cites W1989598342 @default.
W3012201245 cites W1993114740 @default.
W3012201245 cites W1998179895 @default.
W3012201245 cites W2004078625 @default.
W3012201245 cites W2010573219 @default.
W3012201245 cites W2020372509 @default.
W3012201245 cites W2036286049 @default.
W3012201245 cites W2046577372 @default.
W3012201245 cites W2100644924 @default.
W3012201245 cites W2144578696 @default.
W3012201245 cites W2150593342 @default.
W3012201245 cites W2290364176 @default.
W3012201245 cites W2344804892 @default.
W3012201245 cites W2755886689 @default.
W3012201245 cites W2766805006 @default.
W3012201245 cites W2773056559 @default.
W3012201245 cites W2902942389 @default.
W3012201245 cites W2903228053 @default.
W3012201245 cites W2948569047 @default.
W3012201245 cites W2960131357 @default.
W3012201245 cites W3023762229 @default.
W3012201245 cites W4233880054 @default.
W3012201245 cites W85558978 @default.
W3012201245 doi "https://doi.org/10.1109/ecrime47957.2019.9037595" @default.
W3012201245 hasPublicationYear "2019" @default.
W3012201245 type Work @default.
W3012201245 sameAs 3012201245 @default.
W3012201245 citedByCount "2" @default.
W3012201245 countsByYear W30122012452023 @default.
W3012201245 crossrefType "proceedings-article" @default.
W3012201245 hasAuthorship W3012201245A5016720951 @default.
W3012201245 hasAuthorship W3012201245A5056790702 @default.
W3012201245 hasAuthorship W3012201245A5090598694 @default.
W3012201245 hasConcept C105320234 @default.
W3012201245 hasConcept C110875604 @default.
W3012201245 hasConcept C136764020 @default.
W3012201245 hasConcept C151730666 @default.
W3012201245 hasConcept C22735295 @default.
W3012201245 hasConcept C2779343474 @default.
W3012201245 hasConcept C31258907 @default.
W3012201245 hasConcept C35026560 @default.
W3012201245 hasConcept C38652104 @default.
W3012201245 hasConcept C41008148 @default.
W3012201245 hasConcept C86803240 @default.
W3012201245 hasConcept C93996380 @default.
W3012201245 hasConceptScore W3012201245C105320234 @default.
W3012201245 hasConceptScore W3012201245C110875604 @default.
W3012201245 hasConceptScore W3012201245C136764020 @default.
W3012201245 hasConceptScore W3012201245C151730666 @default.
W3012201245 hasConceptScore W3012201245C22735295 @default.
W3012201245 hasConceptScore W3012201245C2779343474 @default.
W3012201245 hasConceptScore W3012201245C31258907 @default.
W3012201245 hasConceptScore W3012201245C35026560 @default.
W3012201245 hasConceptScore W3012201245C38652104 @default.
W3012201245 hasConceptScore W3012201245C41008148 @default.
W3012201245 hasConceptScore W3012201245C86803240 @default.
W3012201245 hasConceptScore W3012201245C93996380 @default.
W3012201245 hasLocation W30122012451 @default.
W3012201245 hasOpenAccess W3012201245 @default.
W3012201245 hasPrimaryLocation W30122012451 @default.
W3012201245 hasRelatedWork W1513626637 @default.
W3012201245 hasRelatedWork W1954903228 @default.
W3012201245 hasRelatedWork W2009636435 @default.
W3012201245 hasRelatedWork W2009799512 @default.
W3012201245 hasRelatedWork W2033818207 @default.
W3012201245 hasRelatedWork W2336393324 @default.
W3012201245 hasRelatedWork W2934080905 @default.
W3012201245 hasRelatedWork W3013180214 @default.
W3012201245 hasRelatedWork W3133848745 @default.
W3012201245 hasRelatedWork W90902614 @default.
W3012201245 isParatext "false" @default.
W3012201245 isRetracted "false" @default.
W3012201245 magId "3012201245" @default.
W3012201245 workType "article" @default.