Standard

Cybercrime after the sunrise : A statistical analysis of DNS abuse in new gTLDs. / Korczyński, Maciej; Wullink, Maarten; Tajalizadehkhoob, Samaneh; Moura, Giovane C.M.; Noroozian, Arman; Bagley, Drew; Hesselman, Cristian.

ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), 2018. p. 609-623.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

Harvard

Korczyński, M, Wullink, M, Tajalizadehkhoob, S, Moura, GCM, Noroozian, A, Bagley, D & Hesselman, C 2018, Cybercrime after the sunrise: A statistical analysis of DNS abuse in new gTLDs. in ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), pp. 609-623, 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018, Incheon, Korea, Republic of, 4/06/18. https://doi.org/10.1145/3196494.3196548

APA

Korczyński, M., Wullink, M., Tajalizadehkhoob, S., Moura, G. C. M., Noroozian, A., Bagley, D., & Hesselman, C. (2018). Cybercrime after the sunrise: A statistical analysis of DNS abuse in new gTLDs. In ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security (pp. 609-623). Association for Computing Machinery (ACM). https://doi.org/10.1145/3196494.3196548

Vancouver

Korczyński M, Wullink M, Tajalizadehkhoob S, Moura GCM, Noroozian A, Bagley D et al. Cybercrime after the sunrise: A statistical analysis of DNS abuse in new gTLDs. In ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM). 2018. p. 609-623 https://doi.org/10.1145/3196494.3196548

Author

Korczyński, Maciej ; Wullink, Maarten ; Tajalizadehkhoob, Samaneh ; Moura, Giovane C.M. ; Noroozian, Arman ; Bagley, Drew ; Hesselman, Cristian. / Cybercrime after the sunrise : A statistical analysis of DNS abuse in new gTLDs. ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), 2018. pp. 609-623

BibTeX

@inproceedings{637398e5f38c4b1f87b49a5a238e2f7b,
title = "Cybercrime after the sunrise: A statistical analysis of DNS abuse in new gTLDs",
abstract = "To enhance competition and choice in the domain name system, ICANN introduced the new gTLD program, which added hundreds of new gTLDs (e.g. .nyc, .io) to the root DNS zone. While the program arguably increased the range of domain names available to consumers, it might also have created new opportunities for cybercriminals. To investigate that, we present the first comparative study of abuse in the domains registered under the new gTLD program and legacy gTLDs (18 in total, such as .com, .org). We combine historical datasets from various sources, including DNS zone files, WHOIS records, passive and active DNS and HTTP measurements, and 11 reputable abuse feeds to study abuse across gTLDs. We find that the new gTLDs appear to have diverted abuse from the legacy gTLDs: while the total number of domains abused for spam remains stable across gTLDs, we observe a growing number of spam domains in new gTLDs which suggests a shift from legacy gTLDs to new gTLDs. Although legacy gTLDs had a rate of 56.9 spam domains per 10,000 registrations (Q4 2016), new gTLDs experienced a rate of 526.6 in the same period, which is almost one order of magnitude higher. In this study, we also analyze the relationship between DNS abuse, operator security indicators and the structural properties of new gTLDs. The results indicate that there is an inverse correlation between abuse and stricter registration policies. Our findings suggest that cybercriminals increasingly prefer to register, rather than hack, domain names and some new gTLDs have become a magnet for malicious actors. ICANN is currently using these results to review the existing anti-abuse safeguards, evaluate their joint effects and to introduce more effective safeguards before an upcoming new gTLD rollout.",
keywords = "Cybercrime, DNS, Registrars, Security Metrics, Top-Level Domains",
author = "Maciej Korczyński and Maarten Wullink and Samaneh Tajalizadehkhoob and Moura, {Giovane C.M.} and Arman Noroozian and Drew Bagley and Cristian Hesselman",
year = "2018",
month = "5",
day = "29",
doi = "10.1145/3196494.3196548",
language = "English",
pages = "609--623",
booktitle = "ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

RIS

TY - GEN

T1 - Cybercrime after the sunrise

T2 - A statistical analysis of DNS abuse in new gTLDs

AU - Korczyński, Maciej

AU - Wullink, Maarten

AU - Tajalizadehkhoob, Samaneh

AU - Moura, Giovane C.M.

AU - Noroozian, Arman

AU - Bagley, Drew

AU - Hesselman, Cristian

PY - 2018/5/29

Y1 - 2018/5/29

N2 - To enhance competition and choice in the domain name system, ICANN introduced the new gTLD program, which added hundreds of new gTLDs (e.g. .nyc, .io) to the root DNS zone. While the program arguably increased the range of domain names available to consumers, it might also have created new opportunities for cybercriminals. To investigate that, we present the first comparative study of abuse in the domains registered under the new gTLD program and legacy gTLDs (18 in total, such as .com, .org). We combine historical datasets from various sources, including DNS zone files, WHOIS records, passive and active DNS and HTTP measurements, and 11 reputable abuse feeds to study abuse across gTLDs. We find that the new gTLDs appear to have diverted abuse from the legacy gTLDs: while the total number of domains abused for spam remains stable across gTLDs, we observe a growing number of spam domains in new gTLDs which suggests a shift from legacy gTLDs to new gTLDs. Although legacy gTLDs had a rate of 56.9 spam domains per 10,000 registrations (Q4 2016), new gTLDs experienced a rate of 526.6 in the same period, which is almost one order of magnitude higher. In this study, we also analyze the relationship between DNS abuse, operator security indicators and the structural properties of new gTLDs. The results indicate that there is an inverse correlation between abuse and stricter registration policies. Our findings suggest that cybercriminals increasingly prefer to register, rather than hack, domain names and some new gTLDs have become a magnet for malicious actors. ICANN is currently using these results to review the existing anti-abuse safeguards, evaluate their joint effects and to introduce more effective safeguards before an upcoming new gTLD rollout.

AB - To enhance competition and choice in the domain name system, ICANN introduced the new gTLD program, which added hundreds of new gTLDs (e.g. .nyc, .io) to the root DNS zone. While the program arguably increased the range of domain names available to consumers, it might also have created new opportunities for cybercriminals. To investigate that, we present the first comparative study of abuse in the domains registered under the new gTLD program and legacy gTLDs (18 in total, such as .com, .org). We combine historical datasets from various sources, including DNS zone files, WHOIS records, passive and active DNS and HTTP measurements, and 11 reputable abuse feeds to study abuse across gTLDs. We find that the new gTLDs appear to have diverted abuse from the legacy gTLDs: while the total number of domains abused for spam remains stable across gTLDs, we observe a growing number of spam domains in new gTLDs which suggests a shift from legacy gTLDs to new gTLDs. Although legacy gTLDs had a rate of 56.9 spam domains per 10,000 registrations (Q4 2016), new gTLDs experienced a rate of 526.6 in the same period, which is almost one order of magnitude higher. In this study, we also analyze the relationship between DNS abuse, operator security indicators and the structural properties of new gTLDs. The results indicate that there is an inverse correlation between abuse and stricter registration policies. Our findings suggest that cybercriminals increasingly prefer to register, rather than hack, domain names and some new gTLDs have become a magnet for malicious actors. ICANN is currently using these results to review the existing anti-abuse safeguards, evaluate their joint effects and to introduce more effective safeguards before an upcoming new gTLD rollout.

KW - Cybercrime

KW - DNS

KW - Registrars

KW - Security Metrics

KW - Top-Level Domains

UR - http://www.scopus.com/inward/record.url?scp=85049154920&partnerID=8YFLogxK

U2 - 10.1145/3196494.3196548

DO - 10.1145/3196494.3196548

M3 - Conference contribution

SP - 609

EP - 623

BT - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security

PB - Association for Computing Machinery (ACM)

ER -

ID: 57302728