Spring, Jonathan M.
(2010)
Large Scale DNS Traffic Analysis of Malicious Internet Activity with a Focus on Evaluating the Response Time of Blocking Phishing Sites.
Master's Thesis, University of Pittsburgh.
(Unpublished)
Abstract
This thesis explores four research areas that are examined using DNS traffic analysis. The tools used for this analysis are presented first. The four topics examined are domain mapping, response time of anti-phishing block lists to find the phishing sites, automated identification of malicious fast-flux hosting domains, and identification of distributed denial of service attacks. The first three approaches yielded successful results, and the fourth yields primarily negative lessons for using DNS traffic analysis in such a scenario. Much of the analysis concerns the anti-phishing response time, which has yielded tentative results. It is found that there is significant overlap between the automatically identified fast-flux sites and those sites on the block list. It appears that domains were being put onto the list approximately 11 hours after becoming active, in the median case, which is very nearly the median lifetime of a phishing site. More recently collected data indicates that this result is extremely difficult to verify. While further work is necessary to verify these claims, the initial indication is that finding and listing phishing sites is the bottleneck in propagating data to protect consumers from malicious phishing sites.
Details
Item Type: University of Pittsburgh ETD
Status: Unpublished
Date: 12 May 2010
Date Type: Completion
Defense Date: 21 April 2010
Approval Date: 12 May 2010
Submission Date: 28 April 2010
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Institution: University of Pittsburgh
Schools and Programs: School of Information Sciences > Information Science
Degree: MSIS - Master of Science in Information Science
Thesis Type: Master's Thesis
Refereed: Yes
Uncontrolled Keywords: DDoS; DNS; DNS database; fast-flux; ncap; phish
Other ID: http://etd.library.pitt.edu/ETD/available/etd-04282010-234303/, etd-04282010-234303
Date Deposited: 10 Nov 2011 19:43
Last Modified: 15 Nov 2016 13:42
URI: http://d-scholarship.pitt.edu/id/eprint/7721