Large Scale DNS Traffic Analysis of Malicious Internet Activity with a Focus on Evaluating the Response Time of Blocking Phishing Sites

Spring, Jonathan M. (2010) Large Scale DNS Traffic Analysis of Malicious Internet Activity with a Focus on Evaluating the Response Time of Blocking Phishing Sites. Master's Thesis, University of Pittsburgh. (Unpublished)

Preview

PDF Primary Text Download (823kB) | Preview

Abstract

This thesis explores four research areas that are examined using DNS traffic analysis. The tools used for this analysis are presented first. The four topics examined are domain mapping, response time of anti-phishing block lists to find the phishing sites, automated identification of malicious fast-flux hosting domains, and identification of distributed denial of service attacks. The first three approaches yielded successful results, and the fourth yields primarily negative lessons for using DNS traffic analysis in such a scenario. Much of the analysis concerns the anti-phishing response time, which has yielded tentative results. It is found that there is significant overlap between the automatically identified fast-flux sites and those sites on the block list. It appears that domains were being put onto the list approximately 11 hours after becoming active, in the median case, which is very nearly the median lifetime of a phishing site. More recently collected data indicates that this result is extremely difficult to verify. While further work is necessary to verify these claims, the initial indication is that finding and listing phishing sites is the bottleneck in propagating data to protect consumers from malicious phishing sites.

---

Share

Citation/Export:	Select format... Citation - Text Citation - HTML Endnote BibTex Dublin Core OpenURL MARC (ISO 2709) METS MODS EP3 XML Reference Manager Refer
Social Networking:	Share |

---

Details

Item Type:	University of Pittsburgh ETD
Status:	Unpublished
Creators/Authors:	Creators Email Pitt Username ORCID Spring, Jonathan M. jms144@pitt.edu JMS144
ETD Committee:	Title Member Email Address Pitt Username ORCID Committee CoChair Stoner, Edward ers@cert.org Committee CoChair Krishnamurthy, Prashant prashk@pitt.edu PRASHK Committee Member Tipper, David tipper@tele.pitt.edu DTIPPER Committee Member Joshi, James jjoshi@sis.pitt.edu JJOSHI Committee Member Faber, Sidney sfaber@cert.org
Date:	12 May 2010
Date Type:	Completion
Defense Date:	21 April 2010
Approval Date:	12 May 2010
Submission Date:	28 April 2010
Access Restriction:	No restriction; Release the ETD for access worldwide immediately.
Institution:	University of Pittsburgh
Schools and Programs:	School of Information Sciences > Information Science
Degree:	MSIS - Master of Science in Information Science
Thesis Type:	Master's Thesis
Refereed:	Yes
Uncontrolled Keywords:	; DDoS; DNS; DNS database; fast-flux; ncap; phish
Other ID:	http://etd.library.pitt.edu/ETD/available/etd-04282010-234303/, etd-04282010-234303
Date Deposited:	10 Nov 2011 19:43
Last Modified:	15 Nov 2016 13:42
URI:	http://d-scholarship.pitt.edu/id/eprint/7721

---

Metrics

Monthly Views for the past 3 years

Plum Analytics

---

Actions (login required)

View Item