Dissertation/Thesis Abstract

Methodologies and Tools to Study Malicious Ecosystems
by Miramirkhani, Najmehalsadat, Ph.D., State University of New York at Stony Brook, 2020, 147; 27738172
Abstract (Summary)

Online crime (also known as cybercrime) is becoming more organized, more complex, and therefore, more successful with every passing day. Defending against this crime requires new tools and methods to map and quantify the malicious ecosystems that threat actors set up to realize their attacks. Since there exist no silver bullets, a single tool or a single method cannot be applied to all types of malicious ecosystems which vary in their size, mechanisms, and operations.

In this dissertation, we introduce a wide range of empirical methods which we use to conduct large-scale systematic studies of multiple malicious ecosystems. We start by performing an in-depth longitudinal study of a prevalent social-engineering attack, namely technical support scams, revealing the operations and infrastructure of scammers. This study becomes a stepping stone for us to identify and explore the malicious ecosystems that support these types of attacks by providing avenues for exposing users to malicious content. More specifically, we identify black-hat SEO techniques and abuse of expired domain names as the major delivery channels for reaching end users.

In the study of black-hat SEO techniques, we report on novel techniques that utilize private blog networks as a means of artificially increasing a website’s ranking, and we develop techniques to detect them. In terms of expired domain names, we first quantify the current abuse perpetrated through malicious domain re-registration and we then investigate the magnitude of the domain re-registration threat by designing and implementing an automated system to detect, register, and sinkhole valuable expired domain names.

Ultimately, we show that the methods proposed in this dissertation cover a broad range of underlying vulnerabilities, active/passive data collection techniques, and top-down/bottom-up approaches which are not only useful today but have the potential to be applied to future attacks and threat actors.

Indexing (document details)
Advisor: Nikiforakis, Nick
Committee: Polychronakis, Michalis; Sekar, R.; Antonakakis, Manos
School: State University of New York at Stony Brook
Department: Computer Science
School Location: United States -- New York
Source: DAI-B 81/12(E), Dissertation Abstracts International
Subjects: Computer science
Keywords: DNS, Ecosystem, Malicious, Measurement, scams, Security
Publication Number: 27738172
ISBN: 9798641509587
Copyright © 2021 ProQuest LLC. All rights reserved.