Boladji Vinny Adjibi (Georgia Tech), Athanasios Avgetidis (Georgia Tech), Manos Antonakakis (Georgia Tech), Michael Bailey (Georgia Tech), Fabian Monrose (Georgia Tech)

Using orthographic, phonetic, and semantic models, we study the prevalence of defensive registrations related to a wide spectrum of transformations of the base domain names of Fortune 500 companies. As part of a large-scale evaluation, we explore several questions aimed at (a) understanding whether there are explainable factors (e.g., the size of the company's security team or its domain name's popularity rank) that correlate with a company's level of engagement regarding defensive registrations; (b) identifying the main actors in the defensive registration ecosystem that Fortune 500 companies rely upon; (c) uncovering the strategies used by these actors, and d) assessing the efficacy of those strategies from the perspective of queries emanating from a large Internet Service Provider (ISP).

Overall, we identified 19,523 domain names defensively registered by 447 Fortune 500 companies. These companies engage in defensive registrations sparingly, with almost 200 companies having fewer than ten defensive registrations. By analyzing the registrations, we found many similarities between the types of domain names the companies registered. For instance, they all registered many TLD-squatting domain names. As it turns out, those similarities are due to the companies' reliance on online brand protection (OBP) service providers to protect their brands. Our analysis of the efficacy of the strategies of those OBPs showed that they register domain names that receive most of the potential squatting traffic. Using regression models, we learned from those strategies to provide recommendations for future defensive registrants. Our measurement also revealed many domain names that received high proportions of traffic over long periods of time and could be registered for only 15 USD. To prevent the abusive use of such domain names, we recommend that OBP providers proactively leverage passive DNS data to identify and preemptively register highly queried available domain names.

View More Papers

HADES Attack: Understanding and Evaluating Manipulation Risks of Email...

Ruixuan Li (Tsinghua University), Chaoyi Lu (Tsinghua University), Baojun Liu (Tsinghua University;Zhongguancun Laboratory), Yunyi Zhang (Tsinghua University), Geng Hong (Fudan University), Haixin Duan (Tsinghua University;Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd), Min Yang (Fudan University), Jun Shao (Zhejiang Gongshang University)

Read More

Rondo: Scalable and Reconfiguration-Friendly Randomness Beacon

Xuanji Meng (Tsinghua University), Xiao Sui (Shandong University), Zhaoxin Yang (Tsinghua University), Kang Rong (Blockchain Platform Division,Ant Group), Wenbo Xu (Blockchain Platform Division,Ant Group), Shenglong Chen (Blockchain Platform Division,Ant Group), Ying Yan (Blockchain Platform Division,Ant Group), Sisi Duan (Tsinghua University)

Read More

AegisSat: A Satellite Cybersecurity Testbed

Roee Idan, Roy Peled, Aviel Ben Siman Tov, Eli Markus, Boris Zadov, Ofir Chodeda, Yohai Fadida (Ben Gurion University of the Negev), Oliver Holschke, Jan Plachy (T-Labs (Research & Innovation)), Yuval Elovici, Asaf Shabtai (Ben Gurion University of the Negev)

Read More

Privacy-Preserving Data Deduplication for Enhancing Federated Learning of Language...

Aydin Abadi (Newcastle University), Vishnu Asutosh Dasu (Pennsylvania State University), Sumanta Sarkar (University of Warwick)

Read More