A study on the use of 3rd party DNS resolvers for malware filtering or censorship circumvention

Martin Fejrskov Andersen*, Emmanouil Vasilomanolakis, Jens Myrup Pedersen

*Corresponding author for this work

Research output: Contribution to book/anthology/report/conference proceedingArticle in proceedingResearchpeer-review

2 Citations (Scopus)
179 Downloads (Pure)

Abstract

DNS resolvers perform the essential role of translating domain names into IP addresses. The default DNS resolver offered by an Internet Service Provider (ISP) can be undesirable for a number of reasons such as censorship, lack of malware filtering options and low service quality. In this paper, we propose a novel method for estimating the amount of DNS traffic directed at non-ISP resolvers by using DNS and NetFlow data from an ISP. This method is extended to also estimate the amount of DNS traffic towards resolvers that offer malware filtering or parental control functionality. Finally, we propose a novel method for estimating the amount of DNS traffic at non-ISP resolvers that would have been censored by ISP resolvers. The results of applying these methods on an ISP dataset shows to which extent 3rd party resolvers are chosen by users for either malware filtering or censorship circumvention purposes.

Original languageEnglish
Title of host publicationICT Systems Security and Privacy Protection : 37th IFIP TC 11 International Conference, SEC 2022, Copenhagen, Denmark, June 13–15, 2022, Proceedings
EditorsWeizhi Meng, Simone Fischer-Hübner, Christian D. Jensen
Number of pages17
PublisherSpringer
Publication date2022
Pages109-125
ISBN (Print)978-3-031-06974-1
ISBN (Electronic)978-3-031-06975-8
DOIs
Publication statusPublished - 2022
Event37th International Conference on ICT Systems Security and Privacy Protection - DTU, Copenhagen, Denmark
Duration: 13 Jun 202215 Jun 2022
https://ifipsec2022.compute.dtu.dk/

Conference

Conference37th International Conference on ICT Systems Security and Privacy Protection
LocationDTU
Country/TerritoryDenmark
CityCopenhagen
Period13/06/202215/06/2022
Internet address
SeriesI F I P Advances in Information and Communication Technology
ISSN1868-4238

Fingerprint

Dive into the research topics of 'A study on the use of 3rd party DNS resolvers for malware filtering or censorship circumvention'. Together they form a unique fingerprint.

Cite this