Improving Internet Security via Large-Scale DNS Monitoring

Manos Antonakakis, Damballa Inc.
Host: Avi Rubin

The Domain Name System (DNS) is a critical component of the Internet. DNS provides the ability to map human memorable and human readable domain names to machine-level IP addresses and other records. These mappings lie at the heart of the Internet’s success and are essential for the majority of core Internet applications and protocols.

The critical nature of DNS often makes it the target of direct cyber-attacks and other forms of abuse. Cyber-criminals rely heavily upon the reliability and scalability of the DNS protocol to serve as an agile platform for their illicit network operations. For example, modern malware and Internet fraud techniques rely upon the DNS to locate their remote command-and-control (C&C) servers through which new commands from the attacker are issued, serve as exfiltration points for the information stolen from the victim’s computer and to manage subsequent updates to their malicious toolset.

In this talk I will discuss new research that addresses problems in the area of DNS-based detection of illicit operations. In detail, I will elaborate on methods that quantify and track dynamically changing reputations for DNS based on passive network measurements. Next, I will discuss two new research systems that enable the creation of an early warning platform for DNS. These early warning systems enables the research community to identify emerging threats (e.g., new botnets and malware infections) across the DNS hierarchy in a timelier manner.

Speaker Biography

Manos Antonakakis received his engineering diploma in 2004 from the University of the Aegean, Department of Information and Communication Systems Engineering. From November 2004 up to July 2006, he was working as a guest researcher at the National Institute of Standards and Technology (NIST-DoC), in the area of wireless ad hoc network security, at the Computer Security Division. In May 2012 he received his PhD in computer science from Georgia Institute of Technology under Professor Wenke Lee’s supervision. He currently works at Damballa as the Sr. Director of Research. Dr. Antonakakis research interests are network and computer security, where some of his active research projects are on attack attribution, ISP/cellular traffic analysis, DNS data mining, botnet metrics, DNS caching and DNS reputation systems.