Measurement study on abnormal changes in authoritative resource records of government and educational domains

Measurement study on abnormal changes in authoritative resource records of government and educational domains

Authoritative-side domain hijacking is characterized by abnormal changes in resource records. To enable timely warnings for authoritative-side domain hijacking incidents, a monitoring system for authoritative-side resource records was established, targeting significant domains in key sectors such as...

Full description

Saved in:
Bibliographic Details
Main Authors: SUN Junzhe, LU Chaoyi, LIU Baojun, DUAN Haixin, SUN Donghong
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2024-11-01
Series:Tongxin xuebao
Subjects:
domain name system
resource records
authoritative service
hijacking attack
Online Access:http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024252/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Authoritative-side domain hijacking is characterized by abnormal changes in resource records. To enable timely warnings for authoritative-side domain hijacking incidents, a monitoring system for authoritative-side resource records was established, targeting significant domains in key sectors such as government and education, as well as high-traffic popular domains. The system actively captured and continuously monitored 7.5 million important domains globally. An algorithm was developed to filter abnormal changes in resource records, identifying abnormal changes in 896 significant domains within a one-month analysis period. Manual verification results indicate that the causes included misconfigurations by domain administrators, phishing attacks, and the display of illegal content.
ISSN:1000-436X

Similar Items