Title: Characterizing Network Infrastructure Using the Domain Name System

Panagiotis Kintis

Ph.D. student

School of Computer Science

College of Computing

Georgia Institute of Technology

Date: Wednesday, September 4th, 2019

Time: 11 AM - 1 PM (ET)

Location: Klaus 3100

Committee:

------------------------

Dr. Emmanouil Antonakakis (Advisor, School of Electrical and Computer Engineering, Georgia Institute of Technology)

Dr. Douglas Blough (Co-Advisor, School of Electrical and Computer Engineering, Georgia Institute of Technology)

Dr. Angelos Keromytis (School of Electrical and Computer Engineering, Georgia Institute of Technology)

Dr. Mustaque Ahamad (School of Computer Science, Georgia Institute of Technology)

Dr. Jonathan M. Smith (Department of Computer and Information Science, University of Pennsylvania)

Abstract

------------------------

From the early 90’s until the recent years we have seen a significant amount of protocols and applications being built on top of the Internet Protocol (IP). The ever growing use of off-the-shelf solutions and vertically integrated software is quickly transforming the Internet to an end-to-end encrypted network. This creates a great burden on security applications and the security industry as a whole, which rely on techniques like Deep Packet Inspection (DPI) to secure networks. However, the Domain Name System (DNS), the Internet’s phone book, is still available to the security community for both research and applied security. Hence, DNS can still be used to reason about the IP even though encryption may make the underlying data unavailable to network security solutions.

This thesis shows how DNS can be used to reason about network infrastructure on the Internet. Specifically, it performs several empirical studies that demonstrate how DNS can be used to actively discover Internet infrastructure, DNS extensions enable insights into client behavior, DNS is used by Internet miscreants to perform abuse, and DNS can be used to study malicious communication from malware. While each of these studies explores a very specific use case of DNS, together they form a complete picture that highlights the benefits DNS brings to the security community.