on the potential of proactive domain blacklisting
play

On the Potential of Proactive Domain Blacklisting Mrk Flegyhzi, - PowerPoint PPT Presentation

Nov 18, 2023 •246 likes •657 views

On the Potential of Proactive Domain Blacklisting Mrk Flegyhzi, Christian Kreibich and Vern Paxson ICSI, Berkeley Spam domain registrations Kreibich et al., Spamcraft: An inside look at spam campaign orchestration LEET 2009 (CCIED:

  1. On the Potential of Proactive Domain Blacklisting Márk Félegyházi, Christian Kreibich and Vern Paxson ICSI, Berkeley

  2. Spam domain registrations Kreibich et al., “Spamcraft: An inside look at spam campaign orchestration” LEET 2009 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 2

  3. Spam domain registrations domains dropped soon after ● blacklisted Kreibich et al., “Spamcraft: An inside look at spam campaign orchestration” LEET 2009 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 3

  4. Spam domain registrations domains dropped soon after ● blacklisted domains registered in batches ● Kreibich et al., “Spamcraft: An inside look at spam campaign orchestration” LEET 2009 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 4

  5. Proactive domain clustering 5

  6. Proactive domain clustering 6

  7. Name server features .COM zone file - NS records 7

  8. Name server features .COM zone file - NS records 8

  9. Name server features .COM zone file - NS records 9

  10. Name server features .COM zone file - NS records 10

  11. Name server features .COM zone file - NS records 11

  12. Registration features WHOIS registry records 12

  13. Registration features WHOIS registry records 13

  14. Registration features WHOIS registry records 14

  15. Evaluation 15

  16. Evaluation 16

  17. Evaluation 17

  18. Evaluation 18

  19. Evaluation 19

  20. Prediction accuracy 20

  21. Prediction accuracy good true positive rate, only few false positives ● # of false positives vary across clusters ● – 84% of clusters have no potential FPs (unknown) 21

  22. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains 22

  23. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains 23

  24. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains 24

  25. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains 25

  26. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains ● large cluster: 1746 domains – part of a set of 80k domains – registered under a single name in Albania in Jan and Feb 2010 26

  27. Time to blacklisting 27

  28. Time to blacklisting 28

  29. Time to blacklisting 29

  30. Summary ● domains registered and used in clusters 30

  31. Summary ● domains registered and used in clusters ● more malicious domains based on a few seeds and domain registry information 31

  32. Summary ● domains registered and used in clusters ● more malicious domains based on a few seeds and domain registry information ● good accuracy – 73% of inferred domains on blacklists – 93% of domains are suspicious – false positives are often true positives 32

  33. Summary ● domains registered and used in clusters ● more malicious domains based on a few seeds and domain registry information ● good accuracy – 73% of inferred domains on blacklists – 93% of domains are suspicious – false positives are often true positives ● faster than blacklists for 92% of the inferred malicious domains 33

  34. Summary ● domains registered and used in clusters ● more malicious domains based on a few seeds and domain registry information ● good accuracy – 73% of inferred domains on blacklists – 93% of domains are suspicious – false positives are often true positives ● faster than blacklists for 92% of the inferred malicious domains early response to spam 34

  35. Spam and click volumes Kanich et al., “Spamalytics: An empirical analysis of spam marketing conversion” CCS 2008 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 35

  36. Spam and click volumes Kanich et al., “Spamalytics: An empirical analysis of spam marketing conversion” CCS 2008 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 36

  37. Name server ages 37

  38. NS features ● 82.2% of domains encounter fresh name servers 38

  39. Registration clusters 39

  40. McAfee SiteAdvisor 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting Neha Chachra*,

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting Neha Chachra*,

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting Neha Chachra*, Damon McCoy, Stefan Savage, Geoffrey M. Voelker 2 3 4 5 6 Spam was 70% of total email traffic in 2013 7 buydrugs.com canadianpharmacy.com

686 views • 49 slides
How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED BY Eduardo Telaya Software arquitect Whats Inside What does it mean to be proactive 7 developer? How to find opportunities to be 14

587 views • 21 slides
PAPER PRESENTATION: HIGHLY PREDICTIVE BLACKLISTING John Bambenek CS 563 PROBLEM There are

PAPER PRESENTATION: HIGHLY PREDICTIVE BLACKLISTING John Bambenek CS 563 PROBLEM There are

PAPER PRESENTATION: HIGHLY PREDICTIVE BLACKLISTING John Bambenek CS 563 PROBLEM There are tons of malicious events detected by firewalls, intrusion detection systems, web application firewalls, etc. The adversarial infrastructure

656 views • 17 slides
Experimental study of the effects of Transmission Power Control and Blacklisting in Wireless

Experimental study of the effects of Transmission Power Control and Blacklisting in Wireless

Experimental study of the effects of Transmission Power Control and Blacklisting in Wireless Sensor Networks Dongjin Son, Bhaskar Krishnamachari and John Heidemann Presented by Alexander Lash CS525M Introduction Low-power wireless

288 views • 25 slides
Blacklisting the Blacklist in Digital Advertising Improving Delivery by Bidding for What You Can

Blacklisting the Blacklist in Digital Advertising Improving Delivery by Bidding for What You Can

Blacklisting the Blacklist in Digital Advertising Improving Delivery by Bidding for What You Can Win AdKDD2017 Yeming Shi, Claudia Perlich, Ori Stitelman yshi, claudia, ostitelman@dstillery.com Dstillery, Inc. Outline Introduction

635 views • 17 slides
Christmas Island Domain Administration Limited ( cxDA) HIGH RISK REGISTRATIONS IDENTIFICATION

Christmas Island Domain Administration Limited ( cxDA) HIGH RISK REGISTRATIONS IDENTIFICATION

Christmas Island Domain Administration Limited ( cxDA) HIGH RISK REGISTRATIONS IDENTIFICATION PROACTIVE ABUSE MITIGATION Tools provided by: ICANN56 | HELSINKI Initial Try Mandatory manual domain activation with the central registry 2012

784 views • 12 slides
Blacklisting Malicious Web Sites using a Secure Version of the DHT Protocol Kademlia Philipp C.

Blacklisting Malicious Web Sites using a Secure Version of the DHT Protocol Kademlia Philipp C.

Blacklisting Malicious Web Sites using a Secure Version of the DHT Protocol Kademlia Philipp C. Heckel, University of Mannheim, 5/26/09 1 Road Map 1. General Idea 2. Application Design 3. Implementation 4. Testing Philipp C. Heckel,

551 views • 29 slides
ProActive Architecture of an Open Middleware for the Grid Romain Quilici

ProActive Architecture of an Open Middleware for the Grid Romain Quilici

ProActive Architecture of an Open Middleware for the Grid Romain Quilici www.objectweb.org/ProActive ObjectWeb Architecture meeting July 2nd 2003 1 ProActive A Java API + Tools for Parallel, Distributed Computing A uniform framework: An

921 views • 56 slides
Performance Watereuse Los Angeles Chapter August 14 th , 2018 Proactive vs Reactive Operations

Performance Watereuse Los Angeles Chapter August 14 th , 2018 Proactive vs Reactive Operations

Using Dashboards to Optimize Plant Performance Watereuse Los Angeles Chapter August 14 th , 2018 Proactive vs Reactive Operations Knowledge Operations back Incident of Potential on track Issue Identifying Issue, Field Testing, Water

179 views • 14 slides
Proactive Investor Presentation February 2020 FORWARD LOOKING STATEMENTS This presentation

Proactive Investor Presentation February 2020 FORWARD LOOKING STATEMENTS This presentation

ASX:ANP | OTC:ATHJY Proactive Investor Presentation February 2020 FORWARD LOOKING STATEMENTS This presentation contains forward-looking statements regarding the Companys business & the therapeutic & commercial potential of its

336 views • 15 slides
Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized

Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized

Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized Omnichannel Users demand Proactive Information Users Expect Brands to Anticipate Their Needs Proactive 76% 63% o f u s e r s o f u s e r s

292 views • 27 slides
Optimal Gateway Selection in Multi-domain Wireless Networks: A Potential Game Perspective Yang

Optimal Gateway Selection in Multi-domain Wireless Networks: A Potential Game Perspective Yang

1. Motivation 2. Gateway Selection Game 3. Equilibrium Selection Learning 4. Evaluation 5. Conclusions Optimal Gateway Selection in Multi-domain Wireless Networks: A Potential Game Perspective Yang Song, Starsky H.Y. Wong, and Kang-Won Lee

901 views • 51 slides
Proactive Customer Service How to do it Well 1 Gather the facts 1 2 1 Think about your

Proactive Customer Service How to do it Well 1 Gather the facts 1 2 1 Think about your

Proactive Customer Service How to do it Well 1 Gather the facts 1 2 1 Think about your customer 3 2 Orchestration Genesys confidential and proprietary information. Unauthorized disclosure is prohibited. Proactive Customer Service

209 views • 16 slides
We Are in This Together Proactive Traffic Safety What You Need to Know Where We

We Are in This Together Proactive Traffic Safety What You Need to Know Where We

PROACTIVE TRAFFIC SAFETY AGENDA We Are in This Together Proactive Traffic Safety What You Need to Know Where We Go from Here We Are in This Together The only acceptable traffic safety goal is to reduce fatalities and

581 views • 20 slides
Investigating a proactive approach for bicyclists safety by using GPS data Conceptual Safety

Investigating a proactive approach for bicyclists safety by using GPS data Conceptual Safety

International Co-operation on Theories and Concepts in Traffic safety (ICTCT) Proactive approach 2425 th October 2019, Warsaw, POLAND Investigating a proactive approach for bicyclists safety by using GPS data Conceptual Safety Pyramid

160 views • 3 slides
ProActive: Distributed and Mobile Objects for the GRID Denis Caromel, et al.

ProActive: Distributed and Mobile Objects for the GRID Denis Caromel, et al.

ProActive: Distributed and Mobile Objects for the GRID Denis Caromel, et al. www.inria.fr/oasis/ProActive OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis, IUF Vers. Mai 12th 2003 Remote Objects, Asynchronous Method

1.44k views • 109 slides
Roadmap 1 Thesis Objectives 2 Enhancements Propagation Loss Models Reception Criteria Frame

Roadmap 1 Thesis Objectives 2 Enhancements Propagation Loss Models Reception Criteria Frame

Accuracy Enhancements of the 802.11 Model and EDCA QoS Extensions in ns-3 Completion Talk Timo Bingmann Decentralized Systems and Network Services Research Group Institute of Telematics, University of Karlsruhe June 26, 2009 Roadmap 1 Thesis

436 views • 10 slides
Visualization of DNS Dependencies and More Casey Deccio Brigham Young University Graph-Based

Visualization of DNS Dependencies and More Casey Deccio Brigham Young University Graph-Based

Visualization of DNS Dependencies and More Casey Deccio Brigham Young University Graph-Based Visualization as a Tool Visual Awareness Humans see trends or more clearly identify problems Data Structures Graphical data structures

310 views • 11 slides
The he Par Partial ial Loss ss of f Referential rential Nul ull l Su Subj bjects ects an

The he Par Partial ial Loss ss of f Referential rential Nul ull l Su Subj bjects ects an

Univ iver ersi sity ty of Texas xas Austin stin Virtual LSRL@50, July 1-3 & 6-8, 2020 The he Par Partial ial Loss ss of f Referential rential Nul ull l Su Subj bjects ects an and Free Inv nver ersion sion in n Braz

663 views • 17 slides
Unified memory Talk outline [28 slides] GPGPU 2015: High Performance Computing with CUDA

Unified memory Talk outline [28 slides] GPGPU 2015: High Performance Computing with CUDA

Unified memory Talk outline [28 slides] GPGPU 2015: High Performance Computing with CUDA University of Cape Town (South Africa), April, 20 th -24 th , 2015 1. State of art of technology [12] 2. Programming with unified memory [4] 3. Examples

544 views • 9 slides
Objectives Principles of ERAS multiple small interventions effect big changes. What is

Objectives Principles of ERAS multiple small interventions effect big changes. What is

Enhanced recovery after surgery (ERAS) Traditional care on POD#1 ERAS care on POD#1 Enhanced recovery in gynecologic surgery improving post-operative care Jocelyn S. Chapman, MD Assistant Professor Department of Obstetrics, Gynecology &

348 views • 7 slides
Racket Values booleans: #t, #f numbers: The Pros of cons : integers: 42 , 0, -273

Racket Values booleans: #t, #f numbers: The Pros of cons : integers: 42 , 0, -273

Racket Values booleans: #t, #f numbers: The Pros of cons : integers: 42 , 0, -273 Programming with Pairs and Lists ra3onals: 2/3 , -251/17 floa3ng point (including scien3fic nota3on): 98.6 , -6.125 , 3.141592653589793, 6.023e23

431 views • 11 slides
Clocking & Timing Asynchronous Self Timed Design Self Timed Design Synchronous Circuit

Clocking & Timing Asynchronous Self Timed Design Self Timed Design Synchronous Circuit

Advanced Digital IC-Design Overview Synchronous Clocking & Timing Asynchronous Self Timed Design Self Timed Design Synchronous Circuit Asynchronous Circuit Req Req Req Handshake Handshake A k Ack Ack A k Ack REG REG REG OUT

349 views • 20 slides
EE 457 Unit 2b Fast Adders (Carry-Lookahead Adder) 2 Carry-Lookahead Adders FAST ADDERS 3

EE 457 Unit 2b Fast Adders (Carry-Lookahead Adder) 2 Carry-Lookahead Adders FAST ADDERS 3

1 EE 457 Unit 2b Fast Adders (Carry-Lookahead Adder) 2 Carry-Lookahead Adders FAST ADDERS 3 Ripple Carry Adder Critical Path Critical Path = Longest possible delay path Assume t sum = 5 ns, t carry = 4 ns X Y X Y X Y X Y 16 ns

467 views • 18 slides

More recommend