Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs
Title | Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Korczynski, M., Tajalizadehkhoob, S., Noroozian, A., Wullink, M., Hesselman, C., v Eeten, M. |
Conference Name | 2017 IEEE European Symposium on Security and Privacy (EuroS P) |
Publisher | IEEE |
ISBN Number | 978-1-5090-5762-7 |
Keywords | Computer crime, cybercriminals, DNS ecosystem, domain abuse, domain name system, Ecosystems, Feeds, intermediary incentives, Internet, invasive software, IP networks, Malware, malware datasets, Measurement, Metrics, phishing, phishing datasets, pubcrawl, regression analysis, reputation metrics, reputation metrics design, security, security metrics, security performance measurement, Servers, software metrics, statistical regression model, TLDs security, top-level domains, top-level domains security, unsolicited e-mail |
Abstract | Over the years cybercriminals have misused the Domain Name System (DNS) - a critical component of the Internet - to gain profit. Despite this persisting trend, little empirical information about the security of Top-Level Domains (TLDs) and of the overall 'health' of the DNS ecosystem exists. In this paper, we present security metrics for this ecosystem and measure the operational values of such metrics using three representative phishing and malware datasets. We benchmark entire TLDs against the rest of the market. We explicitly distinguish these metrics from the idea of measuring security performance, because the measured values are driven by multiple factors, not just by the performance of the particular market player. We consider two types of security metrics: occurrence of abuse and persistence of abuse. In conjunction, they provide a good understanding of the overall health of a TLD. We demonstrate that attackers abuse a variety of free services with good reputation, affecting not only the reputation of those services, but of entire TLDs. We find that, when normalized by size, old TLDs like .com host more bad content than new generic TLDs. We propose a statistical regression model to analyze how the different properties of TLD intermediaries relate to abuse counts. We find that next to TLD size, abuse is positively associated with domain pricing (i.e. registries who provide free domain registrations witness more abuse). Last but not least, we observe a negative relation between the DNSSEC deployment rate and the count of phishing domains. |
URL | https://ieeexplore.ieee.org/document/7962004/ |
DOI | 10.1109/EuroSP.2017.15 |
Citation Key | korczynski_reputation_2017 |
- Phishing
- unsolicited e-mail
- top-level domains security
- top-level domains
- TLDs security
- statistical regression model
- software metrics
- Servers
- security performance measurement
- Security Metrics
- security
- reputation metrics design
- reputation metrics
- regression analysis
- pubcrawl
- phishing datasets
- Computer crime
- Metrics
- Measurement
- malware datasets
- malware
- IP networks
- invasive software
- internet
- intermediary incentives
- Feeds
- Ecosystems
- domain name system
- domain abuse
- DNS ecosystem
- cybercriminals