Empirical analysis of existing and emerging threats at scale using DNS
Lever, Charles C.
The security landscape is constantly evolving. Therefore, in order to build better defenses, it is critical to evaluate emerging and existing threats to better understand how and where to prioritize future security efforts. Ideally, such evaluation of threats should be based on real world data, but this introduces a number of challenges. In particular, real world data must be collected, parsed, and cleaned before any sort of analysis can proceed. The work in this thesis provides an empirical analysis of numerous existing or emerging threats using real world data at scale. As such, it provides the first real world study on the emergence of mobile malware by studying network traffic from almost 25M devices---showing that security practices on popular mobile device platforms appear to be fairly effective. In addition, it studies the unintended security consequences of hundreds of millions of domain expirations over several years and shows that malware is increasingly using expired domains for abuse---as well as providing a lightweight algorithm for detecting such expirations. Finally, it studies the evolution of 27M malware samples collected over almost half a decade---confirming some existing findings at scale and identifying several shortcomings of the current state of the art.