Improving access to DNS datasets through the large-scale collection of Active-DNS data

Author(s)
Kountouras, Athanasios
Advisor(s)
Antonakakis, Manos
Associated Organization(s)
Organizational Unit
School of Computer Science
School established in 2007
Abstract
The Internet has changed significantly in size, interconnectedness, speed, capability, and usability over the years. Especially after a few years of remote work and remote learning, we can safely say that the Internet is an essential resource for the modern world. While the Internet has gone through massive expansion, the backbone of interconnected networks still relies on many of the same fundamental technologies. The Domain Name System (DNS) is one of those fundamental Internet technologies; its main task is to translate human-readable domain names into resources on the ever-growing network. Due to the vantage point it provides, the security community continues to leverage the Domain Name System for studying current abuse and as a building block for tools that combat new and existing Internet threats. In order to develop, evaluate, and deploy defensive mechanisms, researchers and threat analysts need access to quality datasets. Such datasets will enable new algorithms and methodologies that can assist with early detection, better tracking, and a fuller understanding of the lifetime of modern Internet threats. To that end, this thesis presents the concept of Active DNS data collection through a distributed querying infrastructure. More specifically, we show how this new public dataset, which we name Active DNS, compares against traditionally utilized passive DNS datasets. We document our system's unique features that enable it to function as an alternative to passive DNS data in many applications. We then demonstrate the ability of Active DNS data to detect online abuse by utilizing it to amplify already known malicious web infrastructure and potentially identify new abusive infrastructure before use. Finally, we show how our distributed querying system, Thales, allows us to study the operational aspects of the global DNS infrastructure, explicitly investigating the proliferation of a new DNS extension and measuring the impact and efficacy of this new DNS extension through active probing.
Date
2023-04-28
Resource Type
Text
Resource Subtype
Dissertation