eprintid: 10037792
rev_number: 22
eprint_status: archive
userid: 608
dir: disk0/10/03/77/92
datestamp: 2018-05-04 13:31:05
lastmod: 2020-02-20 04:06:17
status_changed: 2018-05-04 13:31:05
type: proceedings_section
metadata_visibility: show
creators_name: Spring, JM
creators_name: Metcalf, LB
creators_name: Stoner, E
title: Correlating domain registrations and DNS first activity in general and for malware
ispublished: pub
divisions: UCL
divisions: A01
divisions: B04
divisions: C05
divisions: F48
keywords: measurement studies, passive DNS, SIE, malware and the DNS.
note: © Carnegie Mellon University and authors, 2011. All rights reserved. This version is the version of record. For information on re-use, please refer to the publisher’s terms and conditions.
abstract: From the date that a domain name is registered with
a registrar, there should be a pattern in the amount of time it
takes for that domain to be actively resolved on the Internet. We
first attempt to describe that pattern in general terms by
correlating data from registries for several top-level domains and
a large passive DNS data source. This pattern is then used as a
baseline for a comparison with the pattern of activity in domains
that malicious software utilizes. While our quantitative results
are not to be considered representative of the patterns exhibited
by all types of malware, the malicious domains are found to have
a significantly different pattern than the standard domains.
date: 2011-04-05
date_type: published
publisher: National Physical Laboratory
official_url: http://www.npl.co.uk/events/satin-2011
oa_status: green
full_text_type: pub
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 1509281
lyricists_name: Spring, Jonathan
lyricists_id: JSPRI00
actors_name: Spring, Jonathan
actors_id: JSPRI00
actors_role: owner
full_text_status: public
event_title: Securing and Trusting Internet Names
event_location: Teddington, UK
event_dates: 04 April 2011 - 05 April 2011
institution: Securing and Trusting Internet Names
book_title: Securing and Trusting Internet Names: SATIN 2011
citation:        Spring, JM;    Metcalf, LB;    Stoner, E;      (2011)    Correlating domain registrations and DNS first activity in general and for malware.                     In:  Securing and Trusting Internet Names: SATIN 2011.    National Physical Laboratory       Green open access   
 
document_url: https://discovery.ucl.ac.uk/id/eprint/10037792/1/metcalf-et_2011_domain-reg-and-activity-for-malware.pdf