UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Correlating domain registrations and DNS first activity in general and for malware

Spring, JM; Metcalf, LB; Stoner, E; (2011) Correlating domain registrations and DNS first activity in general and for malware. In: Securing and Trusting Internet Names: SATIN 2011. National Physical Laboratory Green open access

[thumbnail of metcalf-et_2011_domain-reg-and-activity-for-malware.pdf]
Preview
 Text
metcalf-et_2011_domain-reg-and-activity-for-malware.pdf - Published Version
Download (67kB) | Preview

Abstract

From the date that a domain name is registered with a registrar, there should be a pattern in the amount of time it takes for that domain to be actively resolved on the Internet. We first attempt to describe that pattern in general terms by correlating data from registries for several top-level domains and a large passive DNS data source. This pattern is then used as a baseline for a comparison with the pattern of activity in domains that malicious software utilizes. While our quantitative results are not to be considered representative of the patterns exhibited by all types of malware, the malicious domains are found to have a significantly different pattern than the standard domains.

Type: Proceedings paper
Title: Correlating domain registrations and DNS first activity in general and for malware
Event: Securing and Trusting Internet Names
Location: Teddington, UK
Dates: 04 April 2011 - 05 April 2011
Open access status: An open access version is available from UCL Discovery
Publisher version: http://www.npl.co.uk/events/satin-2011
Language: English
Additional information: © Carnegie Mellon University and authors, 2011. All rights reserved. This version is the version of record. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: measurement studies, passive DNS, SIE, malware and the DNS.
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10037792
Downloads since deposit
67Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item