%0 Generic
%A Spring, JM
%A Metcalf, LB
%A Stoner, E
%D 2011
%F discovery:10037792
%I National Physical Laboratory
%K measurement studies, passive DNS, SIE, malware and the DNS.
%T Correlating domain registrations and DNS first activity in general and for malware
%U https://discovery.ucl.ac.uk/id/eprint/10037792/
%X From the date that a domain name is registered with  a registrar, there should be a pattern in the amount of time it  takes for that domain to be actively resolved on the Internet. We  first attempt to describe that pattern in general terms by  correlating data from registries for several top-level domains and  a large passive DNS data source. This pattern is then used as a  baseline for a comparison with the pattern of activity in domains  that malicious software utilizes. While our quantitative results  are not to be considered representative of the patterns exhibited  by all types of malware, the malicious domains are found to have  a significantly different pattern than the standard domains.
%Z © Carnegie Mellon University and authors, 2011. All rights reserved. This version is the version of record. For information on re-use, please refer to the publisher’s terms and conditions.