English
Related papers

Related papers: CERTainty: Detecting DNS Manipulation at Scale usi…

200 papers

Anecdotal evidence suggests an increasing number of people are turning to VPN services for the properties of privacy, anonymity and free communication over the internet. Despite this, there is little research into what these services are…

Cryptography and Security · Computer Science 2019-07-10 Oliver Farnan , Alexander Darer , Joss Wright

The Domain Name System (DNS) service is one of the pillars of the Internet. This service allows users to access websites on the Internet through easy-to-remember domain names rather than complex numeric IP addresses. DNS acts as a directory…

Networking and Internet Architecture · Computer Science 2025-04-24 Demétrio F. Boeira , Eder J. Scheid , Muriel F. Franco , Luciano Zembruzki , Lisandro Z. Granville

Malicious domains are part of the landscape of the internet but are becoming more prevalent and more dangerous to both companies and individuals. They can be hosted on variety of technologies and serve an array of content, ranging from…

Cryptography and Security · Computer Science 2024-10-08 Amanda Thomson , Leandros Maglaras , Naghmeh Moradpoor

Confidential services running in hardware-protected Trusted Execution Environments (TEEs) can provide higher security assurance, but this requires custom clients and protocols to distribute, update, and verify their attestation evidence.…

Cryptography and Security · Computer Science 2025-03-20 Antoine Delignat-Lavaud , Cédric Fournet , Kapil Vaswani , Manuel Costa , Sylvan Clebsch , Christoph M. Wintersteiger

Malicious domains are one of the major resources required for adversaries to run attacks over the Internet. Due to the important role of the Domain Name System (DNS), extensive research has been conducted to identify malicious domains based…

Cryptography and Security · Computer Science 2018-12-04 Yury Zhauniarovich , Issa Khalil , Ting Yu , Marc Dacier

Active measurements can be used to collect server characteristics on a large scale. This kind of metadata can help discovering hidden relations and commonalities among server deployments offering new possibilities to cluster and classify…

Networking and Internet Architecture · Computer Science 2023-08-31 Markus Sosnowski , Johannes Zirngibl , Patrick Sattler , Georg Carle , Claas Grohnfeldt , Michele Russo , Daniele Sgandurra

Most TLS clients such as modern web browsers enforce coarse-grained TLS security configurations. They support legacy versions of the protocol that have known design weaknesses, and weak ciphersuites that provide fewer security guarantees…

Cryptography and Security · Computer Science 2018-09-18 Eman Salem Alashwali , Pawel Szalachowski

Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by--the still exposed--IP…

Cryptography and Security · Computer Science 2021-06-17 Nguyen Phong Hoang , Arian Akhavan Niaki , Phillipa Gill , Michalis Polychronakis

The Domain Name System (DNS) comprises name servers translating domain names into, commonly, IP addresses. Authoritative name servers hosts the resource records (RR) for certain zones, and resolver name servers are responsible for querying…

Cryptography and Security · Computer Science 2024-01-09 Jonathan Magnusson

The use of TLS proxies to intercept encrypted traffic is controversial since the same mechanism can be used for both benevolent purposes, such as protecting against malware, and for malicious purposes, such as identity theft or warrantless…

Cryptography and Security · Computer Science 2015-05-29 Mark O'Neill , Scott Ruoti , Kent Seamons , Daniel Zappala

Domain Name System (DNS) is a crucial component of current IP-based networks as it is the standard mechanism for name to IP resolution. However, due to its lack of data integrity and origin authentication processes, it is vulnerable to a…

Machine Learning · Computer Science 2020-12-29 Abdallah Moubayed , MohammadNoor Injadat , Abdallah Shami , Hanan Lutfiyya

TLS uses X.509 certificates for server authentication. A X.509 certificate is a complex document and various innocent errors may occur while creating/ using it. Also, many certificates belong to malicious websites and should be rejected by…

Cryptography and Security · Computer Science 2017-05-26 Sankalp Bagaria , R. Balaji , B. S. Bindhumadhava

Web services commonly employ Content Distribution Networks (CDNs) for performance and security. As web traffic is becoming 100% HTTPS, more and more websites allow CDNs to terminate their HTTPS connections. This practice may expose a…

Cryptography and Security · Computer Science 2023-02-02 Rui Xin , Shihan Lin , Xiaowei Yang

Malware abuses TLS to encrypt its malicious traffic, preventing examination by content signatures and deep packet inspection. Network detection of malicious TLS flows is an important, but challenging, problem. Prior works have proposed…

Cryptography and Security · Computer Science 2022-12-26 Gibran Gomez , Platon Kotzias , Matteo Dell'Amico , Leyla Bilge , Juan Caballero

The absence of security and privacy measures between DNS recursive resolvers and authoritative nameservers has been exploited by both on-path and off-path attackers. Although numerous security proposals have been introduced in practice and…

Cryptography and Security · Computer Science 2025-06-27 Ali Sadeghi Jahromi , AbdelRahman Abdou , Paul C. van Oorschot

Web-fraud is one of the most unpleasant features of today's Internet. Two well-known examples of fraudulent activities on the web are phishing and typosquatting. Their effects range from relatively benign (such as unwanted ads) to downright…

Cryptography and Security · Computer Science 2015-03-13 Mishari Al Mishari , Emiliano De Cristofaro , Karim El Defrawy , Gene Tsudik

In recent years, malware with tunneling (or: covert channel) capabilities is on the rise. While malware research led to several methods and innovations, the detection and differentiation of malware solely based on its DNS tunneling features…

Cryptography and Security · Computer Science 2025-11-20 Denis Petrov , Pascal Ruffing , Sebastian Zillien , Steffen Wendzel

Internet miscreants increasingly utilize short-lived disposable domains to launch various attacks. Existing detection mechanisms are either too late to catch such malicious domains due to limited information and their short life spans or…

Cryptography and Security · Computer Science 2025-02-17 Fatih Deniz , Mohamed Nabeel , Ting Yu , Issa Khalil

This paper describes an ongoing experiment evaluating the efficacy of a digital safety intervention in six high-risk, low capacity Civil Society Organisations (CSOs) in Central Asia. The evaluation takes the form of statistical analysis of…

Cryptography and Security · Computer Science 2021-10-27 Oliver Farnan , Gregory Walton , Joss Wright

A covert attack method often used by APT organizations is the DNS tunnel, which is used to pass information by constructing C2 networks. And they often use the method of frequently changing domain names and server IP addresses to evade…

Networking and Internet Architecture · Computer Science 2022-07-15 Xin Ma , Shize Guo , Zhisong Pan , Bin Liu , Kaolin Jiang , Ming Chen , Shijiao Tang