Statistical Analysis of DNS Abuse in gTLDs Final Report

This 08/25/2017 report focuses on measuring rates of common forms of abusive activities in the Domain Name System (DNS).[1] The study examined malicious behavior in the global DNS and compared abuse rates in new and legacy gTLDs.

It was commissioned by the Competition, Consumer Trust, and Consumer Choice Review Team with the support of ICANN. Maciej Korczyński, Maarten Wullink, Samaneh Tajalizadehkhoob, Giovane Moura, and Cristian Hesselman authored the study.

Results

Overview

The study combines data sets from many sources, including zone files, domain WHOIS information, data obtained through the authors' active measurements, and 11 reputable blacklists representing malware, phishing, and spam. The results of the study indicate that abuse counts primarily correlate with stricter registration policies and that the introduction of gTLDs has lowered spam counts in legacy gTLDs.

Main contributions:

  • A comprehensive descriptive statistical comparison of rates of DNS abuse in new and legacy gTLDs as they pertain to spam, phishing, and malware distribution.
  • An inferential statistical analysis, using regression modeling, that tests the correlation between passively and actively measured properties of new gTLDs as predictors of rates of abuse.
  • An analysis of the proportions of abusive domains across other players relevant to abusive practices, i.e., registrars and privacy/proxy service providers.

References