Title:
Mimicry Attacks Against DNS Reputation Systems

Thumbnail Image
Files
GALLOWAY-UNDERGRADUATERESEARCHOPTIONTHESIS-2022.pdf (692.22 KB)
Author(s)
Galloway, Tillson Thomas
Authors
Advisor(s)
Antonakakis, Manos
Advisor(s)
Editor(s)
Associated Organization(s)
Organizational Unit
Organizational Unit
Organizational Unit
Series
Collections
Undergraduate Scholarship
Supplementary to
Permanent Link
http://hdl.handle.net/1853/66739
Abstract
The Domain Name System (DNS) has been an essential component of the Internet since 1985, mapping domain names that are easy to remember (e.g. google.com) to IPs that computers use to communicate (e.g. 30.3.5.2). DNS Reputation Systems use machine learning to identify malicious domains using large datasets containing DNS queries. We analyze the robustness of these reputation systems to attack and propose Mimicry Attacks, a novel technique that allows malicious domains to hide by mimicking the behavior of benign network infrastructure. This attack achieves an 85% success rate against active DNS datasets while coming at a low financial cost to the attacker.
Sponsor
Date Issued
2022-05
Extent
Resource Type
Text
Resource Subtype
Undergraduate Thesis
Rights Statement
Rights URI