Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Building a dynamic reputation system for DNS
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Detecting malware domains at the upper DNS hierarchy
SEC'11 Proceedings of the 20th USENIX conference on Security
Hi-index | 0.00 |
The DNS infrastructure is a key component of the Internet and is thus used by a multitude of services, both legitimate and malicious. Recently, several works demonstrated that malicious DNS activity usually exhibits observable dynamics that may be exploited for detection and mitigation. Clearly, reliable differentiation requires legitimate activity to not show these dynamics. In this paper, we show that this is often not the case, and propose a set of DNS stability metrics that help to efficiently categorize the DNS activity of a diverse set of Internet sites.