Search CORE

2 research outputs found

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

Author: Alex Gontmakher
Artem Dinaburg
Chris Kanich
Fidelis Threat Research Team
FireEye
Jakobsson Markus
Jakobsson Markus
Kreibich Christian
Lee
Leyla Bilge Engin Kirda
Manos Antonakakis Roberto Perdisci
Manos Antonakakis Roberto Perdisci
Manos Antonakakis Roberto Perdisci
Marczak William R
Monrose
Rahbarinia R. Perdisci
Rodney Joffe
Snyder Peter
Symantec
TECHNOLOGIES.
Wang Yi-Min
Weimer
Publication venue: 'Association for Computing Machinery (ACM)'
Publication date: 28/08/2017
Field of study

Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records---collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used to perform a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community.Comment: ACM CCS 1

arXiv.org e-Print Archive

Crossref

PeerRush : mining for unwanted P2P traffic

Author: A. Lanzi
B. Rahbarinia
K. Li
R. Perdisci
Publication venue: 'Springer Science and Business Media LLC'
Publication date: 01/07/2013
Field of study

In this paper we present PeerRush, a novel system for the identification of unwanted P2P traffic. Unlike most previous work, PeerRush goes beyond P2P traffic detection, and can accurately categorize the detected P2P traffic and attribute it to specific P2P applications, including malicious applications such as P2P botnets. PeerRush achieves these results without the need of deep packet inspection, and can accurately identify applications that use encrypted P2P traffic. We implemented a prototype version of PeerRush and performed an extensive evaluation of the system over a variety of P2P traffic datasets. Our results show that we can detect all the considered types of P2P traffic with up to 99.5% true positives and 0.1% false positives. Furthermore, PeerRush can attribute the P2P traffic to a specific P2P application with a misclassification rate of 0.68% or less

AIR Universita degli studi di Milano