DNS Cyber Threads and Protection for Domain Abuse
Nikkanen, Jari (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025092525102
Abstract
The goal of this master’s thesis was to investigate general threats related to the DNS protocol and its operation, and to investigate how threats related to malicious domains in particular could be combated. The Domain Name System (DNS) is a central function of the current Internet, enabling the use of plain-language domain names instead of IP addresses. After studying the DNS literature, I decided that the research would describe general threats that exploit DNS functionality and examine a few large-scale exploitation cases to find out specifically how DNS functionality was exploited in them, so that we can understand how to protect ourselves from such threats. The second main goal of the study was to further investigate the role of malicious domains in cybercrime and DNS security threats, and to investigate how well software specifically developed for firewall and DNS services detects malicious domains.
In summary, there are many DNS vulnerabilities, and protection against DNS threats is necessary. Protection against DNS vulnerabilities, especially malicious domains, can be applied at the front end of the network or even before malicious traffic is seen on one’s own network, by utilizing cloud services from service providers and vendors, and artificial intelligence or machine learning. The lab test also found a significant difference between the firewall's ability to block malicious domains and that of the DNS-centric technology application environment, to the advantage of the latter.
Keywords: DNS, Malicious domain, DNS-vulnerability