No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers

Muhammad Yasir Muzayan Haq; Mattijs Jonker; Roland Martijn van Rijswijk - Deij; kc Claffy; Bart Nieuwenhuis; Abhishta Abhishta

doi:10.1109/EuroSPW55150.2022.00039

No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers

Muhammad Yasir Muzayan Haq, Mattijs Jonker, Roland Martijn van Rijswijk - Deij, kc Claffy, Bart Nieuwenhuis, Abhishta Abhishta

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic › peer-review

2 Citations (Scopus)

177 Downloads (Pure)

Abstract

We leverage large-scale DNS measurement data on authoritative name servers to study the reactions of domain owners affected by the 2016 DDoS attack on Dyn. We use industry sources of information about domain names to study the influence of factors such as industry sector and website popularity on the willingness of domain managers to invest in high availability of online services. Specifically, we correlate business characteristics of domain owners with their resilience strategies in the wake of DoS attacks affecting their domains. Our analysis revealed correlations between two properties of domains – industry sector and popularity – and post-attack strategies. Specifically, owners of more popular domains were more likely to re-act to increase the diversity of their authoritative DNS service for their domains. Similarly, domains in certain industry sectors were more likely to seek out such diversity in their DNS service. For example, domains categorized as General News were nearly 6 times more likely to re-act than domains categorized as Internet Services. Our results can inform managed DNS and other network service providers regarding the potential impact of downtime on their customer portfolio.

Original language	English
Title of host publication	Proceedings of the 2022 Workshop on Traffic Measurements for Cybersecurity
Subtitle of host publication	2022 IEEE European Symposium on Security and Privacy Workshops
Publisher	IEEE
Pages	322-331
Number of pages	10
ISBN (Electronic)	9781665495608
ISBN (Print)	978-1-6654-9561-5
DOIs	https://doi.org/10.1109/EuroSPW55150.2022.00039
Publication status	Published - 27 Jun 2022
Event	7th International Workshop on Traffic Measurements for Cybersecurity, WTMC 2022 - Genoa, Italy Duration: 6 Jun 2022 → 6 Jun 2022 https://wtmc.info/index.html

Workshop

Workshop	7th International Workshop on Traffic Measurements for Cybersecurity, WTMC 2022
Abbreviated title	WTMC'22
Country/Territory	Italy
City	Genoa
Period	6/06/22 → 6/06/22
Internet address	https://wtmc.info/index.html

Keywords

Managed DNS
Availability
DDoS attack mitigation
Network management

Access to Document

10.1109/EuroSPW55150.2022.00039

WTMC2022___No_Time_for_Downtime_camera-ready_final_validatedAccepted author version, 683 KB

Cite this

Haq, M. Y. M., Jonker, M., van Rijswijk - Deij, R. M., Claffy, K., Nieuwenhuis, B., & Abhishta, A. (2022). No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers. In Proceedings of the 2022 Workshop on Traffic Measurements for Cybersecurity: 2022 IEEE European Symposium on Security and Privacy Workshops (pp. 322-331). IEEE. https://doi.org/10.1109/EuroSPW55150.2022.00039

@inbook{27cb835cce0f41c3a613368da4cafc0f,

title = "No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers",

abstract = "We leverage large-scale DNS measurement data on authoritative name servers to study the reactions of domain owners affected by the 2016 DDoS attack on Dyn. We use industry sources of information about domain names to study the influence of factors such as industry sector and website popularity on the willingness of domain managers to invest in high availability of online services. Specifically, we correlate business characteristics of domain owners with their resilience strategies in the wake of DoS attacks affecting their domains. Our analysis revealed correlations between two properties of domains – industry sector and popularity – and post-attack strategies. Specifically, owners of more popular domains were more likely to re-act to increase the diversity of their authoritative DNS service for their domains. Similarly, domains in certain industry sectors were more likely to seek out such diversity in their DNS service. For example, domains categorized as General News were nearly 6 times more likely to re-act than domains categorized as Internet Services. Our results can inform managed DNS and other network service providers regarding the potential impact of downtime on their customer portfolio.",

keywords = "Managed DNS, Availability, DDoS attack mitigation, Network management",

author = "Haq, {Muhammad Yasir Muzayan} and Mattijs Jonker and {van Rijswijk - Deij}, {Roland Martijn} and kc Claffy and Bart Nieuwenhuis and Abhishta Abhishta",

note = "Funding Information: This work is part of the NWO: MASCOT project, which is funded by the Netherlands Organization for Scientific Research (CS.014). This material is based on research sponsored by the National Science Foundation (NSF) grant OAC-1724853 and OAC-2131987. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of NSF. Publisher Copyright: {\textcopyright} 2022 IEEE.; 7th International Workshop on Traffic Measurements for Cybersecurity, WTMC 2022, WTMC'22 ; Conference date: 06-06-2022 Through 06-06-2022",

year = "2022",

month = jun,

day = "27",

doi = "10.1109/EuroSPW55150.2022.00039",

language = "English",

isbn = "978-1-6654-9561-5",

pages = "322--331",

booktitle = "Proceedings of the 2022 Workshop on Traffic Measurements for Cybersecurity",

publisher = "IEEE",

address = "United States",

url = "https://wtmc.info/index.html",

}

Haq, MYM , Jonker, M , van Rijswijk - Deij, RM, Claffy, K, Nieuwenhuis, B & Abhishta, A 2022, No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers. in Proceedings of the 2022 Workshop on Traffic Measurements for Cybersecurity: 2022 IEEE European Symposium on Security and Privacy Workshops. IEEE, pp. 322-331, 7th International Workshop on Traffic Measurements for Cybersecurity, WTMC 2022, Genoa, Italy, 6/06/22. https://doi.org/10.1109/EuroSPW55150.2022.00039

No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers. / Haq, Muhammad Yasir Muzayan ; Jonker, Mattijs ; van Rijswijk - Deij, Roland Martijn et al.
Proceedings of the 2022 Workshop on Traffic Measurements for Cybersecurity: 2022 IEEE European Symposium on Security and Privacy Workshops. IEEE, 2022. p. 322-331.

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic › peer-review

TY - CHAP

T1 - No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers

AU - Haq, Muhammad Yasir Muzayan

AU - Jonker, Mattijs

AU - van Rijswijk - Deij, Roland Martijn

AU - Claffy, kc

AU - Nieuwenhuis, Bart

AU - Abhishta, Abhishta

N1 - Funding Information: This work is part of the NWO: MASCOT project, which is funded by the Netherlands Organization for Scientific Research (CS.014). This material is based on research sponsored by the National Science Foundation (NSF) grant OAC-1724853 and OAC-2131987. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of NSF. Publisher Copyright: © 2022 IEEE.

PY - 2022/6/27

Y1 - 2022/6/27

N2 - We leverage large-scale DNS measurement data on authoritative name servers to study the reactions of domain owners affected by the 2016 DDoS attack on Dyn. We use industry sources of information about domain names to study the influence of factors such as industry sector and website popularity on the willingness of domain managers to invest in high availability of online services. Specifically, we correlate business characteristics of domain owners with their resilience strategies in the wake of DoS attacks affecting their domains. Our analysis revealed correlations between two properties of domains – industry sector and popularity – and post-attack strategies. Specifically, owners of more popular domains were more likely to re-act to increase the diversity of their authoritative DNS service for their domains. Similarly, domains in certain industry sectors were more likely to seek out such diversity in their DNS service. For example, domains categorized as General News were nearly 6 times more likely to re-act than domains categorized as Internet Services. Our results can inform managed DNS and other network service providers regarding the potential impact of downtime on their customer portfolio.

AB - We leverage large-scale DNS measurement data on authoritative name servers to study the reactions of domain owners affected by the 2016 DDoS attack on Dyn. We use industry sources of information about domain names to study the influence of factors such as industry sector and website popularity on the willingness of domain managers to invest in high availability of online services. Specifically, we correlate business characteristics of domain owners with their resilience strategies in the wake of DoS attacks affecting their domains. Our analysis revealed correlations between two properties of domains – industry sector and popularity – and post-attack strategies. Specifically, owners of more popular domains were more likely to re-act to increase the diversity of their authoritative DNS service for their domains. Similarly, domains in certain industry sectors were more likely to seek out such diversity in their DNS service. For example, domains categorized as General News were nearly 6 times more likely to re-act than domains categorized as Internet Services. Our results can inform managed DNS and other network service providers regarding the potential impact of downtime on their customer portfolio.

KW - Managed DNS

KW - Availability

KW - DDoS attack mitigation

KW - Network management

UR - https://arxiv.org/abs/2205.12765

U2 - 10.1109/EuroSPW55150.2022.00039

DO - 10.1109/EuroSPW55150.2022.00039

M3 - Chapter

SN - 978-1-6654-9561-5

SP - 322

EP - 331

BT - Proceedings of the 2022 Workshop on Traffic Measurements for Cybersecurity

PB - IEEE

T2 - 7th International Workshop on Traffic Measurements for Cybersecurity, WTMC 2022

Y2 - 6 June 2022 through 6 June 2022

ER -

Haq MYM , Jonker M , van Rijswijk - Deij RM, Claffy K, Nieuwenhuis B , Abhishta A. No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers. In Proceedings of the 2022 Workshop on Traffic Measurements for Cybersecurity: 2022 IEEE European Symposium on Security and Privacy Workshops. IEEE. 2022. p. 322-331 doi: 10.1109/EuroSPW55150.2022.00039

No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers

Abstract

Workshop

Keywords

Access to Document

Other files and links

Fingerprint

Cite this