The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Na Internet, existem muitos nomes de domínio não utilizados que não são usados para nenhum serviço real. O estacionamento de domínio é um mecanismo de monetização para exibir anúncios online em nomes de domínio não utilizados. Sabe-se que alguns nomes de domínio usados em ataques cibernéticos aproveitam os serviços de estacionamento de domínio após o ataque. No entanto, as relações temporais entre serviços de estacionamento de domínio e nomes de domínio maliciosos não foram bem estudadas. Neste estudo, investigamos como os nomes de domínio maliciosos que usam serviços de estacionamento de domínio mudam ao longo do tempo. Conduzimos um estudo de medição em larga escala de mais de 66.8 milhões de nomes de domínio que usaram serviços de estacionamento de domínio nos últimos 19 meses. Revelamos a existência de 3,964 nomes de domínio que foram maliciosos após usarem o estacionamento de domínio. Identificamos ainda para quais tipos de atividades maliciosas (por exemplo, phishing e malware) esses nomes de domínio maliciosos tendem a ser usados. Também revelamos a existência de 3.02 milhões de nomes de domínio que utilizaram vários serviços de estacionamento simultaneamente ou alternando entre eles. Nosso estudo pode contribuir para a análise eficiente de nomes de domínio maliciosos utilizando serviços de estacionamento de domínio.
Takayuki TOMATSURI
Waseda University
Daiki CHIBA
NTT Corporation
Mitsuaki AKIYAMA
NTT Corporation
Masato UCHIDA
Waseda University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Takayuki TOMATSURI, Daiki CHIBA, Mitsuaki AKIYAMA, Masato UCHIDA, "Time-Series Measurement of Parked Domain Names and Their Malicious Uses" in IEICE TRANSACTIONS on Communications,
vol. E104-B, no. 7, pp. 770-780, July 2021, doi: 10.1587/transcom.2020CQP0007.
Abstract: On the Internet, there are lots of unused domain names that are not used for any actual services. Domain parking is a monetization mechanism for displaying online advertisements in such unused domain names. Some domain names used in cyber attacks are known to leverage domain parking services after the attack. However, the temporal relationships between domain parking services and malicious domain names have not been studied well. In this study, we investigated how malicious domain names using domain parking services change over time. We conducted a large-scale measurement study of more than 66.8 million domain names that have used domain parking services in the past 19 months. We reveal the existence of 3,964 domain names that have been malicious after using domain parking. We further identify what types of malicious activities (e.g., phishing and malware) such malicious domain names tend to be used for. We also reveal the existence of 3.02 million domain names that utilized multiple parking services simultaneously or while switching between them. Our study can contribute to the efficient analysis of malicious domain names using domain parking services.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.2020CQP0007/_p
Copiar
@ARTICLE{e104-b_7_770,
author={Takayuki TOMATSURI, Daiki CHIBA, Mitsuaki AKIYAMA, Masato UCHIDA, },
journal={IEICE TRANSACTIONS on Communications},
title={Time-Series Measurement of Parked Domain Names and Their Malicious Uses},
year={2021},
volume={E104-B},
number={7},
pages={770-780},
abstract={On the Internet, there are lots of unused domain names that are not used for any actual services. Domain parking is a monetization mechanism for displaying online advertisements in such unused domain names. Some domain names used in cyber attacks are known to leverage domain parking services after the attack. However, the temporal relationships between domain parking services and malicious domain names have not been studied well. In this study, we investigated how malicious domain names using domain parking services change over time. We conducted a large-scale measurement study of more than 66.8 million domain names that have used domain parking services in the past 19 months. We reveal the existence of 3,964 domain names that have been malicious after using domain parking. We further identify what types of malicious activities (e.g., phishing and malware) such malicious domain names tend to be used for. We also reveal the existence of 3.02 million domain names that utilized multiple parking services simultaneously or while switching between them. Our study can contribute to the efficient analysis of malicious domain names using domain parking services.},
keywords={},
doi={10.1587/transcom.2020CQP0007},
ISSN={1745-1345},
month={July},}
Copiar
TY - JOUR
TI - Time-Series Measurement of Parked Domain Names and Their Malicious Uses
T2 - IEICE TRANSACTIONS on Communications
SP - 770
EP - 780
AU - Takayuki TOMATSURI
AU - Daiki CHIBA
AU - Mitsuaki AKIYAMA
AU - Masato UCHIDA
PY - 2021
DO - 10.1587/transcom.2020CQP0007
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E104-B
IS - 7
JA - IEICE TRANSACTIONS on Communications
Y1 - July 2021
AB - On the Internet, there are lots of unused domain names that are not used for any actual services. Domain parking is a monetization mechanism for displaying online advertisements in such unused domain names. Some domain names used in cyber attacks are known to leverage domain parking services after the attack. However, the temporal relationships between domain parking services and malicious domain names have not been studied well. In this study, we investigated how malicious domain names using domain parking services change over time. We conducted a large-scale measurement study of more than 66.8 million domain names that have used domain parking services in the past 19 months. We reveal the existence of 3,964 domain names that have been malicious after using domain parking. We further identify what types of malicious activities (e.g., phishing and malware) such malicious domain names tend to be used for. We also reveal the existence of 3.02 million domain names that utilized multiple parking services simultaneously or while switching between them. Our study can contribute to the efficient analysis of malicious domain names using domain parking services.
ER -