Friday 2 October 11:00 - 11:30, Red room
Erik Wu (Nominum)
Recently, we have observed unprecedented sudden increases in unique Fully Qualified Domain Names (FQDN) on the Internet. On average, the daily number of unique FQDNs increased from about 300 million a year ago to over 2 billion now, with spikes up to 5 billion. Such massive surges of unique domain names have caused serious consequences and impacts on the availability and stability of the Internet.
In this paper, we will provide an in-depth analysis of some recent surges and possible root causes. The analysis work is based on a large collection of DNS data from major ISPs around the world, 2TB per day, representing about 3 per cent of total global DNS traffic. We will discuss some novel methods including multiple level random subdomains used to generate the huge volumes of unique domain names, infection vectors, and other attributions associated with the attacks. We will also present and compare a set of viable technical solutions that can detect and protect against the emerging threat in real time.
Dr Erik Wu leads security R&D efforts at Nominum, leveraging DNS substrate as a malicious threats aggregation, analysis and control platform for large-scale networks. He has many years' experience in the IT security industry, including working for Damballa, Trend Micro and McAfee.