Online crime (also known as cybercrime) is becoming more organized, more complex, and therefore more successful with every passing day. Defending against this crime requires new tools and methods to map and quantify the malicious ecosystems that threat actors set up to realize their attacks. Since there are no silver bullets, no single tool or method can be applied to all types of malicious ecosystems, which vary in their size, mechanisms, and operations.
In this dissertation, we introduce a wide range of empirical methods which we use to conduct large-scale systematic studies of multiple malicious ecosystems. We start by performing an in-depth longitudinal study of a prevalent social-engineering attack, namely technical support scams, revealing the operations and infrastructure of scammers. This study becomes a stepping stone for us to identify and explore the malicious ecosystems that support these types of attacks by providing avenues for exposing users to malicious content. More specifically, we identify black-hat SEO techniques and abuse of expired domain names as the major delivery channels for reaching end users.
In the study of black-hat SEO techniques, we report on novel techniques that utilize private blog networks as a means of artificially increasing a website’s ranking, and we develop techniques to detect them. In terms of expired domain names, we first quantify the current abuse perpetrated through malicious domain re-registration and we then investigate the magnitude of the domain re-registration threat by designing and implementing an automated system to detect, register, and sinkhole valuable expired domain names.
Ultimately, we show that the methods proposed in this dissertation cover a broad range of underlying vulnerabilities, active/passive data collection techniques, and top-down/bottom-up approaches, which are not only useful today but also have the potential to be applied to future attacks and threat actors.
|Committee:||Polychronakis, Michalis; Sekar, R.; Antonakakis, Manos|
|School:||State University of New York at Stony Brook|
|School Location:||United States -- New York|
|Source:||DAI-B 81/12(E), Dissertation Abstracts International|
|Keywords:||DNS, Ecosystem, Malicious, Measurement, scams, Security|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved