Ben Chukwuemeka BENJAMIN

Tuesday 1 October 2024

Measuring, Analysing and Mitigating Malicious Activities on the Internet: A Study on DNS, Open Proxies and Domain Name Defensive Registrations

Abstract:
The landscape of cybersecurity is constantly evolving as new and complex threats emerge. To address the challenges posed by these threats, we perform a series of measurements, analyze the results, and recommend strategies to mitigate malicious activities on the Internet, with a particular focus on the Domain Name System (DNS) and open proxies.

This doctoral thesis is a comprehensive exploration of domain name abuse and open proxy abuse. It makes three main contributions, which can be summarized in three stages.

The first contribution of this thesis is to mitigate the threat posed by cybersquatters by incorporating Passive DNS (Domain Name System) data into defensive domain name registration practices. It presents a thorough analysis of the benefits of this approach and its potential applications in protecting brands. It examines the current defensive registration practices employed by defensive registrars and highlights their shortcomings. As a contribution, it proposes a new method to improve the defensive registration strategies used by defensive registrars.

The second contribution of this thesis addresses the need for a practical, operational domain name classifier that distinguishes maliciously registered domains from compromised domains used in phishing, and that intermediaries can readily deploy in real-world scenarios to overcome the shortcomings of some existing systems. Our approach takes advantage of publicly available domain name registration data. It has two primary features that enhance its practical utility in diverse operational contexts. Firstly, it employs an automated methodology for constructing the ground truth dataset, thereby ensuring that the classifier is trained on reliable data. Secondly, it is resilient to missing data values, a common challenge when dealing with public resources and active measurements. This quality further enhances the reliability and practicality of the classifier.

In the third contribution, we investigate the activities of open proxies and answer two questions: why Internet users still use open proxy services despite the risks involved, and what types of cybercrime activities are performed through open proxies. We deploy several open proxy servers distributed all around the world, configured to accept connections using five popular protocols: HTTP, HTTPS, SOCKS4, SOCKS4a, and SOCKS5. We also uncover the types of Internet service vulnerabilities that open proxy users exploit. The collective contribution of this thesis is to enhance our understanding of domain name abuses and the misuse of open proxies. This research yields innovative methods and techniques that have the potential to assist Internet service providers in improving the safety and dependability of the worldwide Internet environment. The study is invaluable for furnishing Internet service providers with ways to counter domain name abuse and maintain the Internet's integrity.

Date and venue

Tuesday 1 October 2024 at 9:00
Auditorium, IMAG Building

Thesis committee

Yacine Challal
Professor at the University of Doha for Science and Technology, Reviewer
Wojciech Mazurczyk
Professor at the Warsaw University of Technology, Reviewer
Clément Pernet
Professor at the Université Grenoble Alpes, Examiner
Andrzej Duda
Professor at the Grenoble INP–Ensimag, Supervisor
Maciej Korczyński
Professor at the Grenoble INP–Ensimag, Supervisor

Published on 12 September 2024

Updated on 19 September 2024