{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T14:24:09Z","timestamp":1766067849838,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":97,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,24]],"date-time":"2023-10-24T00:00:00Z","timestamp":1698105600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2317829"],"award-info":[{"award-number":["CNS-2317829"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,24]]},"DOI":"10.1145\/3618257.3624805","type":"proceedings-article","created":{"date-parts":[[2023,10,23]],"date-time":"2023-10-23T00:19:52Z","timestamp":1698020392000},"page":"198-212","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Dial \"N\" for NXDomain: The Scale, Origin, and Security Implications of DNS Queries to Non-Existent Domains"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9165-420X","authenticated-orcid":false,"given":"Guannan","family":"Liu","sequence":"first","affiliation":[{"name":"Colorado School of Mines, Golden, CO, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-5376-6347","authenticated-orcid":false,"given":"Lin","family":"Jin","sequence":"additional","affiliation":[{"name":"University of Delaware, Newark, DE, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7483-5252","authenticated-orcid":false,"given":"Shuai","family":"Hao","sequence":"additional","affiliation":[{"name":"Old Dominion University, Norfolk, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1421-4072","authenticated-orcid":false,"given":"Yubao","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Delaware, Newark, DE, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9660-4444","authenticated-orcid":false,"given":"Daiping","family":"Liu","sequence":"additional","affiliation":[{"name":"University of Delaware, Newark, DE, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9888-0592","authenticated-orcid":false,"given":"Angelos","family":"Stavrou","sequence":"additional","affiliation":[{"name":"Virginia Tech, Arlington, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4174-3009","authenticated-orcid":false,"given":"Haining","family":"Wang","sequence":"additional","affiliation":[{"name":"Virginia Tech, Arlington, VA, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"101domain. https:\/\/www.101domain.com\/."},{"key":"e_1_3_2_1_2_1","unstructured":"CatchTiger. https:\/\/www.catchtiger.com\/."},{"key":"e_1_3_2_1_3_1","unstructured":"CIRCL.lu. https:\/\/www.circl.lu\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Dig - DNS lookup utility. https:\/\/man.openbsd.org\/dig.1."},{"key":"e_1_3_2_1_5_1","unstructured":"Domain Name Registration's Statistics. https:\/\/domainnamestat.com\/statistics\/ overview."},{"key":"e_1_3_2_1_6_1","unstructured":"DropCatch. https:\/\/www.dropcatch.com\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Expired Registration Recovery Policy. https:\/\/newgtlds.icann.org\/en\/about\/prog ram."},{"key":"e_1_3_2_1_8_1","unstructured":"Farsight Security Information Exchange (SIE). https:\/\/docs.farsightsecurity.co m\/sie\/sie-channel-guide\/."},{"key":"e_1_3_2_1_9_1","unstructured":"FortiGuard Web Filter Lookup. https:\/\/www.fortiguard.com\/webfilter."},{"key":"e_1_3_2_1_10_1","unstructured":"GoDaddy. https:\/\/www.godaddy.com\/."},{"key":"e_1_3_2_1_11_1","unstructured":"ICANN. https:\/\/www.icann.org\/."},{"key":"e_1_3_2_1_12_1","unstructured":"IDN homograph attack. https:\/\/en.wikipedia.org\/wiki\/IDN_homograph_attack."},{"key":"e_1_3_2_1_13_1","unstructured":"Let's Encrypt. https:\/\/letsencrypt.org\/."},{"key":"e_1_3_2_1_14_1","unstructured":"Mnemonic. https:\/\/passivedns.mnemonic.no\/."},{"key":"e_1_3_2_1_15_1","unstructured":"Namecheap. https:\/\/www.namecheap.com\/."},{"key":"e_1_3_2_1_16_1","unstructured":"National Vulnerability Database. https:\/\/nvd.nist.gov\/vuln\/search."},{"key":"e_1_3_2_1_17_1","unstructured":"NMAP DNS Resolution. https:\/\/nmap.org\/book\/host-discovery-dns.html."},{"key":"e_1_3_2_1_18_1","unstructured":"NsLookup.io. https:\/\/www.nslookup.io\/."},{"key":"e_1_3_2_1_19_1","unstructured":"PassiveTotal DNSIQ. https:\/\/help.passivetotal.org\/passive_dns_sources.html."},{"key":"e_1_3_2_1_20_1","unstructured":"pool.com. https:\/\/pool.com\/."},{"key":"e_1_3_2_1_21_1","unstructured":"Public DNS scans. https:\/\/dnsspy.io\/scan."},{"key":"e_1_3_2_1_22_1","unstructured":"Reverse DNS Lookup. https:\/\/whatismyipaddress.com\/ip-hostname."},{"key":"e_1_3_2_1_23_1","unstructured":"The Domain Name Industry Brief. https:\/\/www.verisign.com\/en_US\/domain-names\/dnib\/index.xhtml."},{"key":"e_1_3_2_1_24_1","unstructured":"The top four DNS response codes and what they mean. https:\/\/bluecatnetworks. com\/blog\/the-top-four-dns-response-codes-and-what-they-mean\/."},{"key":"e_1_3_2_1_25_1","unstructured":"Vulnerability Metrics. https:\/\/nvd.nist.gov\/vuln-metrics\/cvss#."},{"key":"e_1_3_2_1_26_1","unstructured":"What you can learn from an NXDOMAIN response. https:\/\/bluecatnetworks.co m\/blog\/what-you-can-learn-from-an-nxdomain-response\/."},{"key":"e_1_3_2_1_27_1","unstructured":"WHOISIQ API. https:\/\/api.riskiq.net\/api\/whois\/."},{"key":"e_1_3_2_1_28_1","unstructured":"Discovered a new malware for Android which subscribes its victims to paid services via SMS! https:\/\/www.tgsoft.it\/english\/news_archivio_eng.asp?id=565 2013."},{"key":"e_1_3_2_1_29_1","volume-title":"https:\/\/www.farsightsecurity.com\/solutions\/dnsdb\/","author":"Farsight","year":"2017","unstructured":"Farsight dnsdb 2.0. https:\/\/www.farsightsecurity.com\/solutions\/dnsdb\/, 2017."},{"key":"e_1_3_2_1_30_1","volume-title":"https:\/\/docs.farsightsecurity. com\/sie\/sie-221-nxdomains\/","author":"Security","year":"2022","unstructured":"Security information exchange (sie) nx domains. https:\/\/docs.farsightsecurity. com\/sie\/sie-221-nxdomains\/, 2022."},{"volume-title":"https:\/\/www.whoisxmlapi.com","year":"2022","key":"e_1_3_2_1_31_1","unstructured":"Whoisxml. https:\/\/www.whoisxmlapi.com, 2022."},{"key":"e_1_3_2_1_32_1","volume-title":"https:\/\/docs.paloaltonetworks.com\/dns-security","author":"Palo","year":"2023","unstructured":"Palo alto networks dns security. https:\/\/docs.paloaltonetworks.com\/dns-security, 2023."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.10.007"},{"key":"e_1_3_2_1_34_1","volume-title":"Nick Nikiforakis. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse. In Proceedings of the Network and Distributed System Security Symposium (NDSS)","author":"Agten Pieter","year":"2015","unstructured":"Pieter Agten, Wouter Joosen, Frank Piessens, and Nick Nikiforakis. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2015."},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (ATC)","author":"Ali Muneeb","year":"2016","unstructured":"Muneeb Ali, Jude Nelson, Ryan Shea, and Michael J Freedman. Blockstack: A Global Naming and Storage System Secured by Blockchains. In Proceedings of the USENIX Annual Technical Conference (ATC), 2016."},{"key":"e_1_3_2_1_36_1","volume-title":"Damon McCoy. Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks. In Proceedings of the IEEE Symposium on Security and Privacy (S&P)","author":"Alrwais Sumayah","year":"2017","unstructured":"Sumayah Alrwais, Xiaojing Liao, Xianghang Mi, Peng Wang, XiaoFeng Wang, Feng Qian, Raheem Beyah, and Damon McCoy. Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2017."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Antonakakis Manos","year":"2012","unstructured":"Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, and David Dagon. From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware. In Proceedings of the USENIX Security Symposium, 2012."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/501983.501996"},{"key":"e_1_3_2_1_39_1","volume-title":"Marco Balduzzi. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. In Proceedings of the Network and Distributed System Security Symposium (NDSS)","author":"Bilge Leyla","year":"2011","unstructured":"Leyla Bilge, Engin Kirda, Christopher Kruegel, and Marco Balduzzi. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2011."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime51433.2020.9493260"},{"key":"e_1_3_2_1_41_1","volume-title":"Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering. In Proceedings of the ACM Conference on Computer and Communications Security (CCS)","author":"Chen Yizheng","year":"2017","unstructured":"Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, and Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2017."},{"key":"e_1_3_2_1_42_1","unstructured":"Zhanhao Chen and Janos Szurdi. Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook Apple Amazon and Netflix to Scam Consumers. https:\/\/unit42.paloaltonetworks.com\/cybersquatting\/."},{"key":"e_1_3_2_1_43_1","volume-title":"Alan Mislove. Tunneling for Transparency: A Large-Scale Analysis of End-to-End Violations in the Internet. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC)","author":"Chung Taejoong","year":"2016","unstructured":"Taejoong Chung, David Choffnes, and Alan Mislove. Tunneling for Transparency: A Large-Scale Analysis of End-to-End Violations in the Internet. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC), 2016."},{"key":"e_1_3_2_1_44_1","volume-title":"End-to-End View of the DNSSEC Ecosystem. In Proceedings of the USENIX Security Symposium","author":"Chung Taejoong","year":"2017","unstructured":"Taejoong Chung, Roland van Rijswijk-Deij, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M Maggs, Alan Mislove, and Christo Wilson. A Longitudinal, End-to-End View of the DNSSEC Ecosystem. In Proceedings of the USENIX Security Symposium, 2017."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3452296.3472933"},{"key":"e_1_3_2_1_46_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Dai Tianxiang","year":"2021","unstructured":"Tianxiang Dai, Philipp Jeitner, Haya Shulman, and Michael Waidner. The Hijack- ers Guide To The Galaxy: Off-Path Taking Over Internet Resources. In Proceedings of the USENIX Security Symposium, 2021."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/144179.144301"},{"key":"e_1_3_2_1_48_1","volume-title":"Haixin Duan. An Empirical Reexamination of Global DNS Behavior. In Proceedings of the ACM SIGCOMM Conference","author":"Gao Hongyu","year":"2013","unstructured":"Hongyu Gao, Vinod Yegneswaran, Yan Chen, Phillip Porras, Shalini Ghosh, Jian Jiang, and Haixin Duan. An Empirical Reexamination of Global DNS Behavior. In Proceedings of the ACM SIGCOMM Conference, 2013."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3041027.3041032"},{"key":"e_1_3_2_1_50_1","volume-title":"Evgenia Smirni. On the DNS Deployment of Modern Web Services. In Proceedings of the 23rd IEEE International Conference on Network Protocols (ICNP)","author":"Hao Shuai","year":"2015","unstructured":"Shuai Hao, Haining Wang, Angelos Stavrou, and Evgenia Smirni. On the DNS Deployment of Modern Web Services. In Proceedings of the 23rd IEEE International Conference on Network Protocols (ICNP), 2015."},{"key":"e_1_3_2_1_51_1","volume-title":"Scott Hollenbeck. Understanding the Domain Registration Behavior of Spammers. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC)","author":"Hao Shuang","year":"2013","unstructured":"Shuang Hao, Matthew Thomas, Vern Paxson, Nick Feamster, Christian Kreibich, Chris Grier, and Scott Hollenbeck. Understanding the Domain Registration Behavior of Spammers. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC), 2013."},{"key":"e_1_3_2_1_52_1","volume-title":"Global Scale. In Proceedings of the IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)","author":"Houser Rebekah","year":"2022","unstructured":"Rebekah Houser, Shuai Hao, Chase Cotton, and Haining Wang. A Comprehensive, Longitudinal Study of Government DNS Deployment at Global Scale. In Proceedings of the IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), 2022."},{"key":"e_1_3_2_1_53_1","volume-title":"Haining Wang. A Comprehensive Measurement-based Investigation of DNS Hijacking. In Proceedings of the International Symposium on Reliable Distributed Systems (SRDS)","author":"Houser Rebekah","year":"2021","unstructured":"Rebekah Houser, Shuai Hao, Zhou Li, Daiping Liu, Chase Cotton, and Haining Wang. A Comprehensive Measurement-based Investigation of DNS Hijacking. In Proceedings of the International Symposium on Reliable Distributed Systems (SRDS), 2021."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00033"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.33"},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Jeitner Philipp","year":"2021","unstructured":"Philipp Jeitner and Haya Shulman. Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS. In Proceedings of the USENIX Security Symposium, 2021."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP52444.2021.9651951"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/510726.510748"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897877"},{"key":"e_1_3_2_1_60_1","volume-title":"Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse. In Proceedings of the ACM Conference on Computer and Communications Security (CCS)","author":"Kintis Panagiotis","year":"2017","unstructured":"Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-G\u00f3mez, Nikolaos Pitropakis, Nick Nikiforakis, and Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2017."},{"key":"e_1_3_2_1_61_1","volume-title":"Vern Paxson. Netalyzr: Illuminating The Edge Network. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC)","author":"Kreibich Christian","year":"2010","unstructured":"Christian Kreibich, Nicholas Weaver, Boris Nechaev, and Vern Paxson. Netalyzr: Illuminating The Edge Network. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC), 2010."},{"key":"e_1_3_2_1_62_1","volume-title":"William Robertson. Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers. In Proceedings of the USENIX Security Symposium","author":"Lauinger Tobias","year":"2017","unstructured":"Tobias Lauinger, Abdelberi Chaabane, Ahmet Salih Buyukkayhan, Kaan Onarlioglu, and William Robertson. Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers. In Proceedings of the USENIX Security Symposium, 2017."},{"key":"e_1_3_2_1_63_1","volume-title":"William Robertson. Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers. In USENIX Security Symposium","author":"Lauinger Tobias","year":"2017","unstructured":"Tobias Lauinger, Abdelberi Chaabane, Ahmet Salih Buyukkayhan, Kaan Onarlioglu, and William Robertson. Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers. In USENIX Security Symposium, 2017."},{"key":"e_1_3_2_1_64_1","volume-title":"Manos Antonakakis. Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains. In Proceedings of the IEEE Symposium on Security and Privacy (S&P)","author":"Lever Chaz","year":"2016","unstructured":"Chaz Lever, Robert Walls, Yacin Nadji, David Dagon, Patrick McDaniel, and Manos Antonakakis. Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2016."},{"key":"e_1_3_2_1_65_1","volume-title":"Stefan Savage. Measuring the Practical Impact of DNSSEC Deployment. In Proceedings of the USENIX Security Symposium","author":"Lian Wilson","year":"2013","unstructured":"Wilson Lian, Eric Rescorla, Hovav Shacham, and Stefan Savage. Measuring the Practical Impact of DNSSEC Deployment. In Proceedings of the USENIX Security Symposium, 2013."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978387"},{"key":"e_1_3_2_1_67_1","first-page":"729","volume":"11","author":"Liu Daiping","year":"2023","unstructured":"Daiping Liu, Martin Walter, Ben Hua, Suquan Li, Fan Fei, Seokkyung Chung, Jun Wang, and Wei Xu. In-line detection of algorithmically generated domains, 2023. US Patent 11,729,134.","journal-title":"US Patent"},{"key":"e_1_3_2_1_68_1","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security (CCS)","author":"Man Keyu","year":"2021","unstructured":"Keyu Man, Xin'an Zhou, and Zhiyun Qian. DNS Cache Poisoning Attack: Resur- rections with Side Channels. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2021."},{"key":"e_1_3_2_1_69_1","volume-title":"HTTPS Adoption in the Longtail","author":"Mirian Ariana","year":"2018","unstructured":"Ariana Mirian, Christopher Thompson, Stefan Savage, Geoffrey M Voelker, and Adrienne Porter Felt. HTTPS Adoption in the Longtail. 2018."},{"key":"e_1_3_2_1_70_1","volume-title":"Moore and Richard Clayton. The Ghosts of Banking Past: Empirical Analysis of Closed Bank Websites. In Proceedings of the International Conference on Financial Cryptography and Data Security","author":"Tyler","year":"2014","unstructured":"Tyler Moore and Richard Clayton. The Ghosts of Banking Past: Empirical Analysis of Closed Bank Websites. In Proceedings of the International Conference on Financial Cryptography and Data Security, 2014."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3401897"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487835"},{"key":"e_1_3_2_1_73_1","volume-title":"Proceedings of the Web Conference (WWW)","author":"Nikiforakis Nick","year":"2013","unstructured":"Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, and Wouter Joosen. Bitsquatting: Exploiting Bit-flips for Fun, or Profit? In Proceedings of the Web Conference (WWW), 2013."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-98785-5_28"},{"key":"e_1_3_2_1_75_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doup\u00e9, and Gail-Joon Ahn. Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale. In Proceedings of the USENIX Security Symposium, 2020."},{"key":"e_1_3_2_1_76_1","volume-title":"Performance Issues and Alternative Solutions. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC)","author":"Otto John S","year":"2012","unstructured":"John S Otto, Mario A S\u00e1nchez, John P Rula, and Fabi\u00e1n E Bustamante. Content Delivery and the Natural Evolution of DNS: Remote DNS Trends, Performance Issues and Alternative Solutions. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC), 2012."},{"key":"e_1_3_2_1_77_1","volume-title":"Deployment Characteristics of the Domain Name System. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC)","author":"Pang Jeffrey","year":"2004","unstructured":"Jeffrey Pang, James Hendricks, Aditya Akella, Roberto De Prisco, Bruce Maggs, and Srinivasan Seshan. Availability, Usage, and Deployment Characteristics of the Domain Name System. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC), 2004."},{"key":"e_1_3_2_1_78_1","volume-title":"Lixia Zhang. Impact of Configuration Errors on DNS Robustness. In Proceedings of the ACM SIGCOMM Conference","author":"Pappas Vasileios","year":"2004","unstructured":"Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, and Lixia Zhang. Impact of Configuration Errors on DNS Robustness. In Proceedings of the ACM SIGCOMM Conference, 2004."},{"key":"e_1_3_2_1_79_1","volume-title":"Proceedings of the USENIX Conference on Operating Systems Design and Implementation (OSDI)","author":"Park KyoungSoo","year":"2004","unstructured":"KyoungSoo Park, Vivek S Pai, Larry L Peterson, and Zhe Wang. CoDNS: Improving DNS Performance and Reliability via Cooperative Lookups. In Proceedings of the USENIX Conference on Operating Systems Design and Implementation (OSDI), 2004."},{"key":"e_1_3_2_1_80_1","volume-title":"Elmar Gerhards-Padilla. A Comprehensive Measurement Study of Domain Generating Malware. In Proceedings of the USENIX Security Symposium","author":"Plohmann Daniel","year":"2016","unstructured":"Daniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader, and Elmar Gerhards-Padilla. A Comprehensive Measurement Study of Domain Generating Malware. In Proceedings of the USENIX Security Symposium, 2016."},{"key":"e_1_3_2_1_81_1","volume-title":"Plonka and Paul Barford. Context-aware Clustering of DNS Query Traffic. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC)","author":"David","year":"2008","unstructured":"David Plonka and Paul Barford. Context-aware Clustering of DNS Query Traffic. In Proceedings of the ACM Conference on Internet Measurement Conference (IMC), 2008."},{"key":"e_1_3_2_1_82_1","volume-title":"Oblivious DNS: Practical Privacy for DNS Queries. arXiv preprint arXiv:1806.00276","author":"Schmitt Paul","year":"2018","unstructured":"Paul Schmitt, Anne Edmundson, and Nick Feamster. Oblivious DNS: Practical Privacy for DNS Queries. arXiv preprint arXiv:1806.00276, 2018."},{"key":"e_1_3_2_1_83_1","volume-title":"Proceed- ings of the USENIX Security Symposium","author":"Sch\u00fcppen Samuel","year":"2018","unstructured":"Samuel Sch\u00fcppen, Dominik Teubert, Patrick Herrmann, and Ulrike Meyer. FANCI: Feature-based Automated NXDomain Classification and Intelligence. In Proceed- ings of the USENIX Security Symposium, 2018."},{"key":"e_1_3_2_1_84_1","volume-title":"Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI)","author":"Shulman Haya","year":"2017","unstructured":"Haya Shulman and Michael Waidner. One Key to Sign Them All Considered Vulnerable: Evaluation of DNSSEC in the Internet. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2017."},{"key":"e_1_3_2_1_85_1","volume-title":"Nick Nikiforakis. Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust. In Proceedings of the IEEE Symposium on Security and Privacy (S&P)","author":"So Johnny","year":"2022","unstructured":"Johnny So, Najmeh Miramirkhani, Michael Ferdman, and Nick Nikiforakis. Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2022."},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_3_2_1_87_1","volume-title":"Security Informatics","author":"van Adrichem Niels LM","year":"2015","unstructured":"Niels LM van Adrichem, Norbert Blenn, Antonio Reyes L\u00faa, Xin Wang, Muhammad Wasif, Ficky Fatturrahman, and Fernando A Kuipers. A Measurement Study of DNSSEC Misconfigurations. Security Informatics, 2015."},{"key":"e_1_3_2_1_88_1","volume-title":"Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Name-servers. In Proceedings of the ACM Conference on Computer and Communications Security (CCS)","author":"Vissers Thomas","year":"2017","unstructured":"Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, and Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Name-servers. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2017."},{"key":"e_1_3_2_1_89_1","volume-title":"Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI)","author":"Walfish Michael","year":"2004","unstructured":"Michael Walfish, Hari Balakrishnan, and Scott Shenker. Untangling the Web from DNS. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2004."},{"key":"e_1_3_2_1_90_1","volume-title":"Sam King. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In Proceedings of the Network and Distributed System Security Symposium (NDSS)","author":"Wang Yi-Min","year":"2006","unstructured":"Yi-Min Wang, Doug Beck, Xuxian Jiang, Roussi Roussev, Chad Verbowski, Shuo Chen, and Sam King. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2006."},{"key":"e_1_3_2_1_91_1","volume-title":"SRUTI","author":"Wang Yi-Min","year":"2006","unstructured":"Yi-Min Wang, Doug Beck, Jeffrey Wang, Chad Verbowski, and Brad Daniels. Strider typo-patrol: Discovery and analysis of systematic typo-squatting. SRUTI, 2006."},{"key":"e_1_3_2_1_92_1","volume-title":"Vern Paxson. Redirecting DNS for Ads and Profit. In USENIX Workshop on Free and Open Communications on the Internet","author":"Weaver Nicholas","year":"2011","unstructured":"Nicholas Weaver, Christian Kreibich, and Vern Paxson. Redirecting DNS for Ads and Profit. In USENIX Workshop on Free and Open Communications on the Internet, 2011."},{"key":"e_1_3_2_1_93_1","volume-title":"Ethereum Name Service: the Good, the Bad, and the Ugly. arXiv Preprint, https:\/\/arxiv.org\/abs\/2104.05185","author":"Xia Pengcheng","year":"2021","unstructured":"Pengcheng Xia, Haoyu Wang, Zhou Yu, Xinyu Liu, Xiapu Luo, and Guoai Xu. Ethereum Name Service: the Good, the Bad, and the Ugly. arXiv Preprint, https:\/\/arxiv.org\/abs\/2104.05185, 2021."},{"key":"e_1_3_2_1_94_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Xie Qinge","year":"2022","unstructured":"Qinge Xie, Shujun Tang, Xiaofeng Zheng, Qingran Lin, Baojun Liu, Haixin Duan, and Frank Li. Building an Open, Robust, and Stable Voting-Based Domain Top List. In Proceedings of the USENIX Security Symposium, 2022."},{"key":"e_1_3_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.10"},{"key":"e_1_3_2_1_96_1","volume-title":"Adrienne Porter Felt, and Parisa Tabriz. Fixing HTTPS Misconfigurations at Scale: An Experiment with Security Notifications","author":"Zeng Eric","year":"2019","unstructured":"Eric Zeng, Frank Li, Emily Stark, Adrienne Porter Felt, and Parisa Tabriz. Fixing HTTPS Misconfigurations at Scale: An Experiment with Security Notifications. 2019."},{"key":"e_1_3_2_1_97_1","volume-title":"Zhiyun Qian. Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices. In Proceedings of the USENIX Security Symposium","author":"Zheng Xiaofeng","year":"2020","unstructured":"Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, and Zhiyun Qian. Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices. In Proceedings of the USENIX Security Symposium, 2020."}],"event":{"name":"IMC '23: ACM Internet Measurement Conference","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"],"location":"Montreal QC Canada","acronym":"IMC '23"},"container-title":["Proceedings of the 2023 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624805","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624805","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624805","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T13:15:41Z","timestamp":1755868541000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624805"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,24]]},"references-count":97,"alternative-id":["10.1145\/3618257.3624805","10.1145\/3618257"],"URL":"https:\/\/doi.org\/10.1145\/3618257.3624805","relation":{},"subject":[],"published":{"date-parts":[[2023,10,24]]},"assertion":[{"value":"2023-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}