Publication

Exploring the ecosystem of malicious domain registrations in the .eu TLD

Book Contribution - Book Chapter Conference Contribution

© 2017, Springer International Publishing AG. This study extensively scrutinizes 14, months of registration data to identify large-scale malicious campaigns present in the.eu TLD. We explore the ecosystem and modus operandi of elaborate cybercriminal entities that recurrently register large amounts of domains for one-shot, malicious use. Although these malicious domains are short-lived, by incorporating registrant information, we establish that at least 80.04% of them can be framed in, to 20 larger campaigns with varying duration and intensity. We further report on insights in the operational aspects of this business and observe, amongst other findings, that their processes are only partially automated. Finally, we apply a post-factum clustering process to validate the campaign identification process and to automate the ecosystem analysis of malicious registrations in a TLD zone.

Book: RESEARCH IN ATTACKS, INTRUSIONS, AND DEFENSES (RAID 2017)

Pages: 472 - 493

Number of pages: 22

ISBN:978-3-319-66331-9

Publication year:2017

WoS Id: 000439965600021
DOI: https://doi.org/10.1007/978-3-319-66332-6_21
Institutional Repository URL: https://lirias.kuleuven.be/1574187

BOF-keylabel:yes

IOF-keylabel:yes

Authors from:Private, Higher Education

Accessibility:Open

Publication

Exploring the ecosystem of malicious domain registrations in the .eu TLD

Book Contribution - Book Chapter Conference Contribution

Authors/publisher

Research units

Events