Abstract
An increasing number of Internet services tend to collect one-time information from clients via DNS queries. Notably, the uncertainty of such transient information makes these domain names be queried only once in their lifetime. This type of domain is called disposable domain. Although they do not involve any malicious activities, the efficiency of DNS infrastructures is still affected by their ever-increasing number. Existing approaches for detecting disposable domains have serious disadvantages, such as poor timeliness and high false positive rate. In this paper, we conduct an extensive measurement study of the ISP-level DNS traffic and find that the readability of domain name is suitable for identifying disposable domains. Therefore, we propose Vogers, a linguistics-based stacking model, to detect disposable domains from raw DNS traffic. Compared with the prior arts, Vogers decreases the false positive rate by more than 17%, while maintaining the true positive rate above 98.9%. In addition, Vogers generalizes quite well to unknown environments, whereby we are able to report new disposable domains. Our further application of Vogers in the real-world DNS traffic shows that filtering disposable domains can improve the efficiency of DNS infrastructures.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
