A study on the use of 3rd party DNS resolvers for malware filtering or censorship circumvention

Research output: Contribution to journalConference article in JournalResearchpeer-review

68 Downloads (Pure)

Abstract

DNS resolvers perform the essential role of translating domain names into IP addresses. The default DNS resolver offered by an Internet Service Provider (ISP) can be undesirable for a number of reasons such as censorship, lack of malware filtering options and low service quality. In this paper, we propose a novel method for estimating the amount of DNS traffic directed at non-ISP resolvers by using DNS and NetFlow data from an ISP. This method is extended to also estimate the amount of DNS traffic towards resolvers that offer malware filtering or parental control functionality. Finally, we propose a novel method for estimating the amount of DNS traffic at non-ISP resolvers that would have been censored by ISP resolvers. The results of applying these methods on an ISP dataset shows to which extent 3rd party resolvers are chosen by users for either malware filtering or censorship circumvention purposes.
Original languageEnglish
Book seriesI F I P Advances in Information and Communication Technology
Number of pages17
ISSN1868-4238
DOIs
Publication statusAccepted/In press - 2022
Event37th International Conference on ICT Systems Security and Privacy Protection - DTU, Copenhagen, Denmark
Duration: 13 Jun 202215 Jun 2022
https://ifipsec2022.compute.dtu.dk/

Conference

Conference37th International Conference on ICT Systems Security and Privacy Protection
LocationDTU
Country/TerritoryDenmark
CityCopenhagen
Period13/06/202215/06/2022
Internet address

Cite this