Statistical Analysis of DNS Abuse in gTLDs Final Report

From ICANNWiki
Jump to: navigation, search
Organization: ICANN
Type: Report
Issue: DNS
Release Date: 2017/08/25
Link Link

This report focuses on measuring rates of common forms of abusive activities in the Domain Name System (DNS). The study examines malicious behavior in the global DNS and compares abuse rates in new and legacy gTLDs.

It was commissioned by the Competition, Consumer Trust, and Consumer Choice Review Team with the support of ICANN. The authors of the study are Maciej Korczy, Maarten Wullink, Samaneh Tajalizadehkhoob, Giovane C.M. Moura, and Cristian Hesselman.



The study combines data sets from many sources, including zone files, domain WHOIS information, data obtained through our active measurements, and 11 reputable blacklists representing malware, phishing, and spam. The results of the study indicate that abuse counts primarily correlate with stricter registration policies, and that the introduction of gTLDs have lowered span counts in legacy gTLDs.

Main contributions:

  • A comprehensive descriptive statistical comparison of rates of DNS abuse in new and legacy gTLDs as they pertain to spam, phishing, and malware distribution.
  • Using regression modelling, the performance of inferential statistical analysis testing the correlation between passively and actively measured properties of new gTLDs as predictors of rates of abuse.
  • Analyzing proportions of abusive domains across other relevant to abusive practices players, i.e. registrars and privacy/proxy service providers.