An Internet-Wide View Into DNS Lookup Patterns

This paper analyzes DNS lookup patterns observed at a large authoritative top-level domain server and characterizes how the lookup patterns for unscrupulous domains may differ from those for legitimate domains. The authors examine domains used for phishing attacks and spam- and malware-related domains, and study how their lookup patterns vary in both temporal and spatial characteristics. They find that malicious domains tend to exhibit more variance in the networks that look them up, and that these domains become popular considerably more quickly after their initial registration time.
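To make the two kinds of characteristic concrete, here is an added example (not code from the paper) that computes one temporal and one spatial feature per domain from a query log. The /24 aggregation, the popularity threshold, the Jaccard-based churn metric and the sample records are all assumptions made for this illustration, not the authors' method.

```python
from collections import defaultdict
from datetime import date
from ipaddress import ip_network

def slash24(ip):
    """Collapse a resolver address to its /24 so one network counts once."""
    return str(ip_network(f"{ip}/24", strict=False))

def lookup_features(queries, registered, popular_at=3):
    """queries: (day, resolver_ip, domain) tuples; registered: domain -> date.
    popular_at is an assumed threshold of distinct querying /24s."""
    daily = defaultdict(lambda: defaultdict(set))  # domain -> day -> {/24s}
    for day, ip, domain in queries:
        daily[domain][day].add(slash24(ip))
    out = {}
    for domain, by_day in daily.items():
        days = sorted(by_day)
        # Temporal: days from registration until enough distinct networks asked.
        seen, days_to_popular = set(), None
        for d in days:
            seen |= by_day[d]
            if len(seen) >= popular_at:
                days_to_popular = (d - registered[domain]).days
                break
        # Spatial: mean Jaccard distance between the network sets of
        # consecutive observed days (0 = same networks, 1 = all new).
        dists = [1 - len(by_day[a] & by_day[b]) / len(by_day[a] | by_day[b])
                 for a, b in zip(days, days[1:])]
        churn = round(sum(dists) / len(dists), 2) if dists else 0.0
        out[domain] = {"days_to_popular": days_to_popular,
                       "network_churn": churn}
    return out

# Constructed sample data: two hypothetical domains registered the same day.
REGISTERED = {"steady.example": date(2011, 1, 1),
              "burst.example": date(2011, 1, 1)}
QUERIES = [
    (date(2011, 1, 10), "192.0.2.10", "steady.example"),
    (date(2011, 1, 20), "192.0.2.11", "steady.example"),
    (date(2011, 1, 20), "198.51.100.5", "steady.example"),
    (date(2011, 1, 30), "192.0.2.10", "steady.example"),
    (date(2011, 1, 30), "198.51.100.9", "steady.example"),
    (date(2011, 1, 30), "203.0.113.7", "steady.example"),
    (date(2011, 1, 2), "10.1.1.1", "burst.example"),
    (date(2011, 1, 2), "10.2.2.2", "burst.example"),
    (date(2011, 1, 2), "10.3.3.3", "burst.example"),
    (date(2011, 1, 3), "10.4.4.4", "burst.example"),
    (date(2011, 1, 3), "10.5.5.5", "burst.example"),
]

if __name__ == "__main__":
    for name, feats in lookup_features(QUERIES, REGISTERED).items():
        print(name, feats)
```

On this constructed log, the domain that is queried from several unrelated networks right after registration scores high on both features, which is the shape of difference the paper reports for malicious domains.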