*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Title: Characterizing Network Infrastructure Using the Domain Name System
Panagiotis Kintis
Ph.D. student
School of Computer Science
College of Computing
Georgia Institute of Technology
Date: Wednesday, September 4th, 2019
Time: 11 AM - 1 PM (ET)
Location: Klaus 3100
Committee:
------------------------
Dr. Emmanouil Antonakakis (Advisor, School of Electrical and Computer Engineering, Georgia Institute of Technology)
Dr. Douglas Blough (Co-Advisor, School of Electrical and Computer Engineering, Georgia Institute of Technology)
Dr. Angelos Keromytis (School of Electrical and Computer Engineering, Georgia Institute of Technology)
Dr. Mustaque Ahamad (School of Computer Science, Georgia Institute of Technology)
Dr. Jonathan M. Smith (Department of Computer and Information Science, University of Pennsylvania)
Abstract
------------------------
From the early 90’s until the recent years we have seen a significant amount of protocols and applications being built on top of the Internet Protocol (IP). The ever growing use of off-the-shelf solutions and vertically integrated software is quickly transforming the Internet to an end-to-end encrypted network. This creates a great burden on security applications and the security industry as a whole, which rely on techniques like Deep Packet Inspection (DPI) to secure networks. However, the Domain Name System (DNS), the Internet’s phone book, is still available to the security community for both research and applied security. Hence, DNS can still be used to reason about the IP even though encryption may make the underlying data unavailable to network security solutions.
This thesis shows how DNS can be used to reason about network infrastructure on the Internet. Specifically, it performs several empirical studies that demonstrate how DNS can be used to actively discover Internet infrastructure, DNS extensions enable insights into client behavior, DNS is used by Internet miscreants to perform abuse, and DNS can be used to study malicious communication from malware. While each of these studies explores a very specific use case of DNS, together they form a complete picture that highlights the benefits DNS brings to the security community.
