Practical Attacks against DNS Reputation Systems
Tillson Galloway, Kleanthis Karakolios, Zane Ma, Roberto Perdisci, Manos Antonakakis, Angelos Keromytis
IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 4
This talk, presented by Tillson Galloway and collaborators from Georgia Tech, Oregon State University, and the University of Georgia, examines critical vulnerabilities in **DNS reputation systems**. These systems are foundational security components that use statistical features, machine learning (ML), and heuristic methods to identify and flag malicious domains, protecting users from phishing, malware, and other online threats. They are widely integrated into email services, firewalls, web browsers, and registrars to stop malicious activity at an early stage.
AI review
This research brutally exposes fundamental weaknesses in current DNS reputation systems, demonstrating practical, low-cost evasion techniques that bypass both academic models and commercial defenses. The detailed breakdown of mimicry and popularity list attacks, coupled with real-world vendor testing and clever sandbox bypasses, provides critical, actionable intelligence and illuminates a serious gap in our collective security posture. This isn't just theoretical; it's a blueprint for compromise that defines the conversation.