Muhammad Muzammil (Stony Brook University), Zafir Ansari (Infoblox), Nick Nikiforakis (Stony Brook University), Darin Johnson (Infoblox)

The Domain Name System (DNS) is a critical component of the Internet, yet its foundational processes, such as domain registration and ownership changes, are generally opaque to end users. This lack of transparency enables adversaries to re-register expired domains and host malicious content that continues to receive traffic from users who trust and revisit the domain. In this paper, we introduce EchoLoc, a scalable system for detecting malicious re-registered domains across the entire TLD space that appear in live DNS resolution telemetry from Infoblox, a major DNS resolution and threat intelligence provider. We deploy EchoLoc for a one-month period, during which it analyzed 144.6M new domain registrations and identified 1.5M re-registrations, of which 66K were queried by customers. Using a machine learning-based website classification pipeline that combines structural features from web content with semantic signals derived from a large language model, we identify over 9K malicious re-registered domains. The classifier achieves 0.95 precision and recall for malicious domain detection, with an overall accuracy of 98.1%. Our analysis further shows that these domains exhibit user activity both prior to expiration and after re-registration.

View More Papers

PROMPTGUARD: Zero Trust Prompting for Securing LLM-Driven O-RAN Control

Yuhui Wang (Department of Electrical and Computer Engineering, University of Michigan-Dearborn), Xingqi Wu (Department of Electrical and Computer Engineering, University of Michigan-Dearborn), Junaid Farooq (Department of Electrical and Computer Engineering, University of Michigan-Dearborn), Juntao Chen (Department of Computer and Information Sciences, Fordham University)

Read More

Enhancing Legal Document Security and Accessibility with TAF

Renata Vaderna (Independent Researcher), Dušan Nikolić (University of Novi Sad), Patrick Zielinski (New York University), David Greisen (Open Law Library), BJ Ard (University of Wisconsin–Madison), Justin Cappos (New York University)

Read More

Memory Backdoor Attacks on Neural Networks

Eden Luzon (Ben-Gurion University, Institute of Software Systems and Security), Guy Amit (Ben-Gurion University, Institute of Software Systems and Security), Roy Weiss (Ben-Gurion University, Institute of Software Systems and Security), Torsten Krauß (University of Würzburg), Alexandra Dmitrienko (University of Würzburg), Yisroel Mirsky (Ben-Gurion University, Institute of Software Systems and Security)

Read More