eprintid: 10037792
rev_number: 22
eprint_status: archive
userid: 608
dir: disk0/10/03/77/92
datestamp: 2018-05-04 13:31:05
lastmod: 2020-02-20 04:06:17
status_changed: 2018-05-04 13:31:05
type: proceedings_section
metadata_visibility: show
creators_name: Spring, JM
creators_name: Metcalf, LB
creators_name: Stoner, E
title: Correlating domain registrations and DNS first activity in general and for malware
ispublished: pub
divisions: UCL
divisions: A01
divisions: B04
divisions: C05
divisions: F48
keywords: measurement studies, passive DNS, SIE, malware and the DNS.
note: © Carnegie Mellon University and authors, 2011. All rights reserved. This version is the version of record. For information on re-use, please refer to the publisher’s terms and conditions.
abstract: From the date that a domain name is registered with a registrar, there should be a pattern in the amount of time it takes for that domain to be actively resolved on the Internet. We first attempt to describe that pattern in general terms by correlating data from registries for several top-level domains and a large passive DNS data source. This pattern is then used as a baseline for a comparison with the pattern of activity in domains that malicious software utilizes. While our quantitative results are not to be considered representative of the patterns exhibited by all types of malware, the malicious domains are found to have a significantly different pattern than the standard domains.
date: 2011-04-05
date_type: published
publisher: National Physical Laboratory
official_url: http://www.npl.co.uk/events/satin-2011
oa_status: green
full_text_type: pub
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 1509281
lyricists_name: Spring, Jonathan
lyricists_id: JSPRI00
actors_name: Spring, Jonathan
actors_id: JSPRI00
actors_role: owner
full_text_status: public
event_title: Securing and Trusting Internet Names
event_location: Teddington, UK
event_dates: 04 April 2011 - 05 April 2011
institution: Securing and Trusting Internet Names
book_title: Securing and Trusting Internet Names: SATIN 2011
citation: Spring, JM; Metcalf, LB; Stoner, E; (2011) Correlating domain registrations and DNS first activity in general and for malware. In: Securing and Trusting Internet Names: SATIN 2011. National Physical Laboratory Green open access
document_url: https://discovery.ucl.ac.uk/id/eprint/10037792/1/metcalf-et_2011_domain-reg-and-activity-for-malware.pdf