On the security of pay-per-click and other Web advertising schemes
WWW '99 Proceedings of the eighth international conference on World Wide Web
SAWM: a tool for secure and authenticated web metering
SEKE '02 Proceedings of the 14th international conference on Software engineering and knowledge engineering
A technique for counting natted hosts
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Auditable Metering with Lightweight Security
FC '97 Proceedings of the First International Conference on Financial Cryptography
What's new on the web?: the evolution of the web from a search engine perspective
Proceedings of the 13th international conference on World Wide Web
A self-learning worm using importance scanning
Proceedings of the 2005 ACM workshop on Rapid malcode
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
The Zombie roundup: understanding, detecting, and disrupting botnets
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Mapping internet sensors with probe response attacks
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Vulnerabilities of passive internet threat monitors
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
On Hit Inflation Techniques and Detection in Streams of Web Advertising Networks
ICDCS '07 Proceedings of the 27th International Conference on Distributed Computing Systems
An inquiry into the nature and causes of the wealth of internet miscreants
Proceedings of the 14th ACM conference on Computer and communications security
My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Peering through the shroud: the effect of edge opacity on ip-based client identification
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Fast and evasive attacks: highlighting the challenges ahead
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Proceedings of the ACM SIGCOMM 2010 conference
DNS prefetching and its privacy implications: when good things go bad
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Quantitatively analyzing stealthy communication channels
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Manufacturing compromise: the emergence of exploit-as-a-service
Proceedings of the 2012 ACM conference on Computer and communications security
On measuring the client-side DNS infrastructure
Proceedings of the 2013 conference on Internet measurement conference
Hi-index | 0.00 |
Reliable network demographics are quickly becoming a much sought-after digital commodity. However, as the need for more refined Internet demographics has grown, so too has the tension between privacy and utility. Unfortunately, current techniques lean too much in favor of functional requirements over protecting the privacy of users. For example, the most prominent proposals for measuring the relative popularity of a website depend on the deployment of client-side measurement agents that are generally perceived as infringing on users' privacy, thereby limiting their wide scale adoption. Moreover, the client-side nature of these techniques also makes them susceptible to various manipulation tactics that undermine the integrity of their results. In this paper, we propose a new estimation technique that uses DNS cache probing to infer the density of clients accessing a given service. Compared to earlier techniques, our scheme is less invasive as it does not reveal user-specific traits, and is more robust against manipulation. We demonstrate the flexibility of our approach through two important security applications. First, we illustrate how our scheme can be used as a lightweight technique for measuring and verifying the relative popularity rank of different websites. Second, using data from several hundred botnets, we apply our technique to indirectly measure the infected population of this increasing Internet phenomenon.