on the potential of proactive domain blacklisting
play

On the Potential of Proactive Domain Blacklisting Mrk Flegyhzi, - PowerPoint PPT Presentation

Nov 18, 2023 •246 likes •657 views

On the Potential of Proactive Domain Blacklisting Mrk Flegyhzi, Christian Kreibich and Vern Paxson ICSI, Berkeley Spam domain registrations Kreibich et al., Spamcraft: An inside look at spam campaign orchestration LEET 2009 (CCIED:

  1. On the Potential of Proactive Domain Blacklisting Márk Félegyházi, Christian Kreibich and Vern Paxson ICSI, Berkeley

  2. Spam domain registrations Kreibich et al., “Spamcraft: An inside look at spam campaign orchestration” LEET 2009 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 2

  3. Spam domain registrations domains dropped soon after ● blacklisted Kreibich et al., “Spamcraft: An inside look at spam campaign orchestration” LEET 2009 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 3

  4. Spam domain registrations domains dropped soon after ● blacklisted domains registered in batches ● Kreibich et al., “Spamcraft: An inside look at spam campaign orchestration” LEET 2009 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 4

  5. Proactive domain clustering 5

  6. Proactive domain clustering 6

  7. Name server features .COM zone file - NS records 7

  8. Name server features .COM zone file - NS records 8

  9. Name server features .COM zone file - NS records 9

  10. Name server features .COM zone file - NS records 10

  11. Name server features .COM zone file - NS records 11

  12. Registration features WHOIS registry records 12

  13. Registration features WHOIS registry records 13

  14. Registration features WHOIS registry records 14

  15. Evaluation 15

  16. Evaluation 16

  17. Evaluation 17

  18. Evaluation 18

  19. Evaluation 19

  20. Prediction accuracy 20

  21. Prediction accuracy good true positive rate, only few false positives ● # of false positives vary across clusters ● – 84% of clusters have no potential FPs (unknown) 21

  22. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains 22

  23. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains 23

  24. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains 24

  25. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains 25

  26. A note on false positives ● some other clusters (example: 123 domains, 119 FP) – many noun-noun domains ● large cluster: 1746 domains – part of a set of 80k domains – registered under a single name in Albania in Jan and Feb 2010 26

  27. Time to blacklisting 27

  28. Time to blacklisting 28

  29. Time to blacklisting 29

  30. Summary ● domains registered and used in clusters 30

  31. Summary ● domains registered and used in clusters ● more malicious domains based on a few seeds and domain registry information 31

  32. Summary ● domains registered and used in clusters ● more malicious domains based on a few seeds and domain registry information ● good accuracy – 73% of inferred domains on blacklists – 93% of domains are suspicious – false positives are often true positives 32

  33. Summary ● domains registered and used in clusters ● more malicious domains based on a few seeds and domain registry information ● good accuracy – 73% of inferred domains on blacklists – 93% of domains are suspicious – false positives are often true positives ● faster than blacklists for 92% of the inferred malicious domains 33

  34. Summary ● domains registered and used in clusters ● more malicious domains based on a few seeds and domain registry information ● good accuracy – 73% of inferred domains on blacklists – 93% of domains are suspicious – false positives are often true positives ● faster than blacklists for 92% of the inferred malicious domains early response to spam 34

  35. Spam and click volumes Kanich et al., “Spamalytics: An empirical analysis of spam marketing conversion” CCS 2008 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 35

  36. Spam and click volumes Kanich et al., “Spamalytics: An empirical analysis of spam marketing conversion” CCS 2008 (CCIED: The Collaborative Center for Internet Epidemiology and Defenses) 36

  37. Name server ages 37

  38. NS features ● 82.2% of domains encounter fresh name servers 38

  39. Registration clusters 39

  40. McAfee SiteAdvisor 40

Recommend

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting Neha Chachra*,

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting Neha Chachra*,

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting Neha Chachra*, Damon McCoy, Stefan Savage, Geoffrey M. Voelker 2 3 4 5 6 Spam was 70% of total email traffic in 2013 7 buydrugs.com canadianpharmacy.com

686 views • 49 slides
How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED BY Eduardo Telaya Software arquitect Whats Inside What does it mean to be proactive 7 developer? How to find opportunities to be 14

587 views • 21 slides
PAPER PRESENTATION: HIGHLY PREDICTIVE BLACKLISTING John Bambenek CS 563 PROBLEM There are

PAPER PRESENTATION: HIGHLY PREDICTIVE BLACKLISTING John Bambenek CS 563 PROBLEM There are

PAPER PRESENTATION: HIGHLY PREDICTIVE BLACKLISTING John Bambenek CS 563 PROBLEM There are tons of malicious events detected by firewalls, intrusion detection systems, web application firewalls, etc. The adversarial infrastructure

656 views • 17 slides
Experimental study of the effects of Transmission Power Control and Blacklisting in Wireless

Experimental study of the effects of Transmission Power Control and Blacklisting in Wireless

Experimental study of the effects of Transmission Power Control and Blacklisting in Wireless Sensor Networks Dongjin Son, Bhaskar Krishnamachari and John Heidemann Presented by Alexander Lash CS525M Introduction Low-power wireless

288 views • 25 slides
Blacklisting the Blacklist in Digital Advertising Improving Delivery by Bidding for What You Can

Blacklisting the Blacklist in Digital Advertising Improving Delivery by Bidding for What You Can

Blacklisting the Blacklist in Digital Advertising Improving Delivery by Bidding for What You Can Win AdKDD2017 Yeming Shi, Claudia Perlich, Ori Stitelman yshi, claudia, ostitelman@dstillery.com Dstillery, Inc. Outline Introduction

635 views • 17 slides
Christmas Island Domain Administration Limited ( cxDA) HIGH RISK REGISTRATIONS IDENTIFICATION

Christmas Island Domain Administration Limited ( cxDA) HIGH RISK REGISTRATIONS IDENTIFICATION

Christmas Island Domain Administration Limited ( cxDA) HIGH RISK REGISTRATIONS IDENTIFICATION PROACTIVE ABUSE MITIGATION Tools provided by: ICANN56 | HELSINKI Initial Try Mandatory manual domain activation with the central registry 2012

784 views • 12 slides
Blacklisting Malicious Web Sites using a Secure Version of the DHT Protocol Kademlia Philipp C.

Blacklisting Malicious Web Sites using a Secure Version of the DHT Protocol Kademlia Philipp C.

Blacklisting Malicious Web Sites using a Secure Version of the DHT Protocol Kademlia Philipp C. Heckel, University of Mannheim, 5/26/09 1 Road Map 1. General Idea 2. Application Design 3. Implementation 4. Testing Philipp C. Heckel,

551 views • 29 slides
ProActive Architecture of an Open Middleware for the Grid Romain Quilici

ProActive Architecture of an Open Middleware for the Grid Romain Quilici

ProActive Architecture of an Open Middleware for the Grid Romain Quilici www.objectweb.org/ProActive ObjectWeb Architecture meeting July 2nd 2003 1 ProActive A Java API + Tools for Parallel, Distributed Computing A uniform framework: An

921 views • 56 slides
Performance Watereuse Los Angeles Chapter August 14 th , 2018 Proactive vs Reactive Operations

Performance Watereuse Los Angeles Chapter August 14 th , 2018 Proactive vs Reactive Operations

Using Dashboards to Optimize Plant Performance Watereuse Los Angeles Chapter August 14 th , 2018 Proactive vs Reactive Operations Knowledge Operations back Incident of Potential on track Issue Identifying Issue, Field Testing, Water

179 views • 14 slides
Proactive Investor Presentation February 2020 FORWARD LOOKING STATEMENTS This presentation

Proactive Investor Presentation February 2020 FORWARD LOOKING STATEMENTS This presentation

ASX:ANP | OTC:ATHJY Proactive Investor Presentation February 2020 FORWARD LOOKING STATEMENTS This presentation contains forward-looking statements regarding the Companys business & the therapeutic & commercial potential of its

336 views • 15 slides
Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized

Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized

Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized Omnichannel Users demand Proactive Information Users Expect Brands to Anticipate Their Needs Proactive 76% 63% o f u s e r s o f u s e r s

292 views • 27 slides
Optimal Gateway Selection in Multi-domain Wireless Networks: A Potential Game Perspective Yang

Optimal Gateway Selection in Multi-domain Wireless Networks: A Potential Game Perspective Yang

1. Motivation 2. Gateway Selection Game 3. Equilibrium Selection Learning 4. Evaluation 5. Conclusions Optimal Gateway Selection in Multi-domain Wireless Networks: A Potential Game Perspective Yang Song, Starsky H.Y. Wong, and Kang-Won Lee

901 views • 51 slides
Proactive Customer Service How to do it Well 1 Gather the facts 1 2 1 Think about your

Proactive Customer Service How to do it Well 1 Gather the facts 1 2 1 Think about your

Proactive Customer Service How to do it Well 1 Gather the facts 1 2 1 Think about your customer 3 2 Orchestration Genesys confidential and proprietary information. Unauthorized disclosure is prohibited. Proactive Customer Service

209 views • 16 slides
We Are in This Together Proactive Traffic Safety What You Need to Know Where We

We Are in This Together Proactive Traffic Safety What You Need to Know Where We

PROACTIVE TRAFFIC SAFETY AGENDA We Are in This Together Proactive Traffic Safety What You Need to Know Where We Go from Here We Are in This Together The only acceptable traffic safety goal is to reduce fatalities and

581 views • 20 slides
Investigating a proactive approach for bicyclists safety by using GPS data Conceptual Safety

Investigating a proactive approach for bicyclists safety by using GPS data Conceptual Safety

International Co-operation on Theories and Concepts in Traffic safety (ICTCT) Proactive approach 2425 th October 2019, Warsaw, POLAND Investigating a proactive approach for bicyclists safety by using GPS data Conceptual Safety Pyramid

160 views • 3 slides
ProActive: Distributed and Mobile Objects for the GRID Denis Caromel, et al.

ProActive: Distributed and Mobile Objects for the GRID Denis Caromel, et al.

ProActive: Distributed and Mobile Objects for the GRID Denis Caromel, et al. www.inria.fr/oasis/ProActive OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis, IUF Vers. Mai 12th 2003 Remote Objects, Asynchronous Method

1.44k views • 109 slides
Intro NLP Tools Sporleder & Rehbein WS 09/10 Sporleder & Rehbein (WS 09/10) PS Domain

Intro NLP Tools Sporleder & Rehbein WS 09/10 Sporleder & Rehbein (WS 09/10) PS Domain

Intro NLP Tools Sporleder & Rehbein WS 09/10 Sporleder & Rehbein (WS 09/10) PS Domain Adaptation October 2009 1 / 15 Approaches to POS tagging rule-based look up words in the lexicon to get a list of potential POS tags apply

979 views • 33 slides
W3C Web and TV Workshop Wrap-Up Philipp Hoschka, W3C Ubiquitous Web Domain Leader Take Away

W3C Web and TV Workshop Wrap-Up Philipp Hoschka, W3C Ubiquitous Web Domain Leader Take Away

W3C Web and TV Workshop Wrap-Up Philipp Hoschka, W3C Ubiquitous Web Domain Leader Take Away Open Web Platform has great potential for TV content Good to get started now But: Needs collaboration Otherwise: repeat of mobile

269 views • 5 slides
ASX ANNOUNCEMENT Date: 5 May 2015 Number: 401/050515 INTERVIEW AND PRESENTATION FOR PROACTIVE

ASX ANNOUNCEMENT Date: 5 May 2015 Number: 401/050515 INTERVIEW AND PRESENTATION FOR PROACTIVE

ASX ANNOUNCEMENT Date: 5 May 2015 Number: 401/050515 INTERVIEW AND PRESENTATION FOR PROACTIVE INVESTORS Impact Minerals Limited is pleased to provide an interview by Proactive Investors and Stock Tube with Dr Mike Jones in which he discusses

604 views • 34 slides
Short Introduction to Parallelism, Grid and ProActive, Distributed Objects and Components (GCM)

Short Introduction to Parallelism, Grid and ProActive, Distributed Objects and Components (GCM)

Short Introduction to Parallelism, Grid and ProActive, Distributed Objects and Components (GCM) Denis Caromel, et al. http://ProActive.ObjectWeb.org OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis, IUF Denis Caromel 1

442 views • 29 slides
Next-Gen Proactive MANET Routing MANET, 62th IETF, Minneapolis, 2005 Status Background:

Next-Gen Proactive MANET Routing MANET, 62th IETF, Minneapolis, 2005 Status Background:

Next-Gen Proactive MANET Routing MANET, 62th IETF, Minneapolis, 2005 Status Background: experiences from RFC3626, RFC3648, misc I-Ds Design team: vocal implementers/users of proactive protocols Activities thus far:

357 views • 11 slides
A PROACTIVE APPROACH TO ROAD SAFETY ANALYSIS Charles Chung (Brisk Synergies) Franz Loewenherz

A PROACTIVE APPROACH TO ROAD SAFETY ANALYSIS Charles Chung (Brisk Synergies) Franz Loewenherz

A PROACTIVE APPROACH TO ROAD SAFETY ANALYSIS Charles Chung (Brisk Synergies) Franz Loewenherz (City of Bellevue) James Barr (Miovision) LEARNING OBJECTIVES 1. How can we use traffic conflict analytics to inform proactive actions for improved

1.33k views • 94 slides
What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity

What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity

Tennessee Pollution Prevention Webinar What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity in the Manufacturing Industry October 23 rd , 2019 Ben Bolton Energy Programs Administrator for TDECs

767 views • 41 slides
Domain-independent planning and Domain-dependent planning Le Meilleur est lennemi

Domain-independent planning and Domain-dependent planning Le Meilleur est lennemi

Domain-independent planning and Domain-dependent planning Le Meilleur est lennemi du bien. The Best is the enemy of the good. Voltaire Thanks to Dana Nau. Domain dependent planners? For many applications, domain dependent

242 views • 6 slides

More recommend