Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

Large Scale DNS Traffic Analysis of Malicious Internet Activity with a Focus on Evaluating the Response Time of Blocking Phishing Sites

Spring, Jonathan M. (2010) Large Scale DNS Traffic Analysis of Malicious Internet Activity with a Focus on Evaluating the Response Time of Blocking Phishing Sites. Master's Thesis, University of Pittsburgh. (Unpublished)

[img]
Preview
PDF
Primary Text

Download (823kB) | Preview

Abstract

This thesis explores four research areas that are examined using DNS traffic analysis. The tools used for this analysis are presented first. The four topics examined are domain mapping, response time of anti-phishing block lists to find the phishing sites, automated identification of malicious fast-flux hosting domains, and identification of distributed denial of service attacks. The first three approaches yielded successful results, and the fourth yields primarily negative lessons for using DNS traffic analysis in such a scenario. Much of the analysis concerns the anti-phishing response time, which has yielded tentative results. It is found that there is significant overlap between the automatically identified fast-flux sites and those sites on the block list. It appears that domains were being put onto the list approximately 11 hours after becoming active, in the median case, which is very nearly the median lifetime of a phishing site. More recently collected data indicates that this result is extremely difficult to verify. While further work is necessary to verify these claims, the initial indication is that finding and listing phishing sites is the bottleneck in propagating data to protect consumers from malicious phishing sites.


Share

Citation/Export:
Social Networking:
Share |

Details

Item Type: University of Pittsburgh ETD
Status: Unpublished
Creators/Authors:
CreatorsEmailPitt UsernameORCID
Spring, Jonathan M.jms144@pitt.eduJMS144
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Committee CoChairStoner, Edwarders@cert.org
Committee CoChairKrishnamurthy, Prashantprashk@pitt.eduPRASHK
Committee MemberTipper, Davidtipper@tele.pitt.eduDTIPPER
Committee MemberJoshi, Jamesjjoshi@sis.pitt.eduJJOSHI
Committee MemberFaber, Sidneysfaber@cert.org
Date: 12 May 2010
Date Type: Completion
Defense Date: 21 April 2010
Approval Date: 12 May 2010
Submission Date: 28 April 2010
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Institution: University of Pittsburgh
Schools and Programs: School of Information Sciences > Information Science
Degree: MSIS - Master of Science in Information Science
Thesis Type: Master's Thesis
Refereed: Yes
Uncontrolled Keywords: ; DDoS; DNS; DNS database; fast-flux; ncap; phish
Other ID: http://etd.library.pitt.edu/ETD/available/etd-04282010-234303/, etd-04282010-234303
Date Deposited: 10 Nov 2011 19:43
Last Modified: 15 Nov 2016 13:42
URI: http://d-scholarship.pitt.edu/id/eprint/7721

Metrics

Monthly Views for the past 3 years

Plum Analytics


Actions (login required)

View Item View Item