{"686780":{"#nid":"686780","#data":{"type":"event","title":"Ph.D. Dissertation Defense - Aaron Faulkenberry","body":[{"value":"\u003Cp\u003E\u003Cstrong\u003ETitle\u003C\/strong\u003E\u003Cem\u003E:\u0026nbsp; Internet-Scale Discovery and Exposure of DNS Monitoring for Cyber Threats\u003C\/em\u003E\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003ECommittee:\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003EDr. Manos Antonakakis, ECE, Chair, Advisor\u003C\/p\u003E\u003Cp\u003EDr. Fabian Monrose, ECE\u003C\/p\u003E\u003Cp\u003EDr. Angelos Keromytis, ECE\u003C\/p\u003E\u003Cp\u003EDr. Roberto Perdisci, UGA\u003C\/p\u003E\u003Cp\u003EDr. Zane Ma, Oregon State\u003C\/p\u003E","summary":"","format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EVisibility into malicious infrastructure is at the core of today\u0027s network defenses. To stay ahead of threats, the community increasingly relies on active investigation, engaging unknown domains and services to detect emerging threats before they take root. However, active investigation introduces the overlooked risk of exposing itself. The very efforts the community makes to gain visibility into malicious infrastructure reveal their vantage points and behaviors to anyone watching. This dissertation quantifies the exposure of active monitors and the risks that exposure creates using DNS as a global lens. Prior work on DNS interception has focused on privacy, censorship, or abuse. In contrast, our novel systems and measurement techniques enable observing DNS monitors from the perspective of an external adversary. We show that network outsiders can remotely discover and characterize active monitors at Internet scale. Through the first Internet-wide study of DNS monitoring to analyze emitter behavior, we uncover monitoring deployments across thousands of networks globally, including vendor relationships and real-time security policy changes. This exposure enables network adversaries to profile the infrastructure supporting monitoring, identify blind spots, and create opportunities for evasion. We argue that monitor exposure and the evasion it enables pose a critical risk to network visibility, as they allow adversaries to hide not only their behavior and content but the infrastructure that supports them. We present the first evaluation of DNS-level evasions, measuring how DNS monitors fare under adversarial conditions, and show that adversaries can manipulate resolutions to evade monitoring and hide their infrastructure. Even simple evasions can degrade the security community\u0027s ability to respond while imposing minimal cost to attackers. Our adversarial perspectives demonstrate the need for network defenders to consider the real risk of profiling of systems that provide needed visibility.\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"Internet-Scale Discovery and Exposure of DNS Monitoring for Cyber Threats "}],"uid":"28475","created_gmt":"2025-12-08 15:41:16","changed_gmt":"2025-12-08 15:42:25","author":"Daniela Staiculescu","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2025-12-16T13:00:00-05:00","event_time_end":"2025-12-16T15:00:00-05:00","event_time_end_last":"2025-12-16T15:00:00-05:00","gmt_time_start":"2025-12-16 18:00:00","gmt_time_end":"2025-12-16 20:00:00","gmt_time_end_last":"2025-12-16 20:00:00","rrule":null,"timezone":"America\/New_York"},"location":"Room 3402, Klaus","extras":[],"groups":[{"id":"434381","name":"ECE Ph.D. Dissertation Defenses"}],"categories":[],"keywords":[{"id":"100811","name":"Phd Defense"},{"id":"1808","name":"graduate students"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1788","name":"Other\/Miscellaneous"}],"invited_audience":[{"id":"78771","name":"Public"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":[],"slides":[],"orientation":[],"userdata":""}}}