{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T01:13:12Z","timestamp":1778721192617,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","funder":[{"name":"National Key R&D Program of China","award":["2022YFB3103000"],"award-info":[{"award-number":["2022YFB3103000"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,13]]},"DOI":"10.1145\/3774904.3792405","type":"proceedings-article","created":{"date-parts":[[2026,4,27]],"date-time":"2026-04-27T12:38:33Z","timestamp":1777293513000},"page":"2995-3005","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Tracking the Stray Sheep: Understanding DNS Response Manipulation in the Wild"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-2837-0724","authenticated-orcid":false,"given":"Wenhao","family":"Wu","sequence":"first","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and University of the Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8733-4841","authenticated-orcid":false,"given":"Zhaohua","family":"Wang","sequence":"additional","affiliation":[{"name":"Computer Network Information Center, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-9667-5240","authenticated-orcid":false,"given":"Zihan","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and University of the Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-1469-092X","authenticated-orcid":false,"given":"Qinxin","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and University of the Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-1902-7759","authenticated-orcid":false,"given":"Yiming","family":"Xia","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and University of the Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-0728-5920","authenticated-orcid":false,"given":"Chuan","family":"Gao","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and University of the Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-2789-1723","authenticated-orcid":false,"given":"Guangxing","family":"Zhang","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9959-1124","authenticated-orcid":false,"given":"Zhenyu","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and University of the Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,4,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2024. IP Info. https:\/\/ipinfo.io."},{"key":"e_1_3_2_1_2_1","unstructured":"AbuseIPDB. 2025. AbuseIPDB: Making the Internet Safer One IP at a Time. https:\/\/www.abuseipdb.com\/"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561425"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2021.3110003"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2015.7417736"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3718958.3754351"},{"key":"e_1_3_2_1_7_1","unstructured":"Cloudflare Inc. 2025. Cloudflare Radar. https:\/\/radar.cloudflare.com\/. Accessed: 2025--10-04."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Leslie Daigle. 2004. WHOIS protocol specification. Technical Report.","DOI":"10.17487\/rfc3912"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.03.008"},{"key":"e_1_3_2_1_10_1","volume-title":"Global DNS hijacking campaign: DNS record manipulation at scale. research\/2019\/01\/global-dns-hijacking-campaign-dns-recordmanipulation-at-scale. html","author":"Hirani Muks","year":"2019","unstructured":"Muks Hirani, Sarah Jones, and Ben Read. 2019. Global DNS hijacking campaign: DNS record manipulation at scale. research\/2019\/01\/global-dns-hijacking-campaign-dns-recordmanipulation-at-scale. html (2019)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS53918.2021.00029"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP39728.2021.9415092"},{"key":"e_1_3_2_1_13_1","volume-title":"Kruskal and Myron Wish","author":"Joseph","year":"1978","unstructured":"Joseph B. Kruskal and Myron Wish. 1978. Multidimensional Scaling. Sage Publications."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815683"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3651890.3672240"},{"key":"e_1_3_2_1_16_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Li Xiang","year":"2023","unstructured":"Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan, and Qi Li. 2023. The maginot line: Attacking the boundary of {DNS} caching protection. In 32nd USENIX Security Symposium (USENIX Security 23). 3153--3170."},{"key":"e_1_3_2_1_17_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Liu Baojun","year":"2018","unstructured":"Baojun Liu, Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao, and Min Yang. 2018. Who is answering my queries: Understanding and characterizing interception of the {DNS} resolution path. In 27th USENIX Security Symposium (USENIX Security 18). 1113--1128."},{"key":"e_1_3_2_1_18_1","unstructured":"Majestic. 2025. The Majestic Million: Top 1 Million Websites. https:\/\/majestic.com\/reports\/majestic-million"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417280"},{"key":"e_1_3_2_1_20_1","volume-title":"Proc. Passive and Active Measurement Conference (PAM). Virtual. 427--443","author":"McGregor Andrew","year":"2021","unstructured":"Andrew McGregor, Phillipa Gill, and Nicholas Weaver. 2021. Cache me outside: A new look at DNS cache probing. In Proc. Passive and Active Measurement Conference (PAM). Virtual. 427--443."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-28486-1_19"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2398776.2398831"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(03)00293-7"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2021.3105599"},{"key":"e_1_3_2_1_25_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Pearce Paul","year":"2017","unstructured":"Paul Pearce, Ben Jones, Frank Li, Roya Ensafi, Nick Feamster, Nick Weaver, and Vern Paxson. 2017. Global measurement of {DNS} manipulation. In 26th USENIX Security Symposium (USENIX Security 17). 307--323."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487817"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2021.3105741"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504734"},{"key":"e_1_3_2_1_29_1","unstructured":"SimilarWeb. 2025. https:\/\/www.similarweb.com\/zh\/top-websites"},{"key":"e_1_3_2_1_30_1","volume-title":"Gavin Li, Yael Eiger, and Roya Ensafi.","author":"Tsai Elisa","year":"2023","unstructured":"Elisa Tsai, Deepak Kumar, Ram Sundara Raman, Gavin Li, Yael Eiger, and Roya Ensafi. 2023. Certainty: Detecting dns manipulation at scale using tls certificates. arXiv preprint arXiv:2305.08189 (2023)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.54851\/v7i1y202508"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-7563-6_53"},{"key":"e_1_3_2_1_33_1","first-page":"17","article-title":"Untangling the Web from DNS","volume":"4","author":"Walfish Michael","year":"2004","unstructured":"Michael Walfish, Hari Balakrishnan, and Scott Shenker. 2004. Untangling the Web from DNS. In NSDI, Vol. 4. 17--17.","journal-title":"NSDI"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/LCN60385.2024.10639696"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3696410.3714834"},{"key":"e_1_3_2_1_36_1","volume-title":"Understanding and Characterizing CDN Services and Paid Features. Master's thesis","author":"Youwei Xu.","unstructured":"Youwei Xu. 2024. Understanding and Characterizing CDN Services and Paid Features. Master's thesis. University of Twente."},{"key":"e_1_3_2_1_37_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Zhang Yunyi","year":"2024","unstructured":"Yunyi Zhang, Mingming Zhang, Baojun Liu, Zhan Liu, Jia Zhang, Haixin Duan, Min Zhang, Fan Shi, and Chengxi Xu. 2024. Cross the Zone: Toward a Covert Domain Hijacking via Shared {DNS} Infrastructure. In 33rd USENIX Security Symposium (USENIX Security 24). 5751--5768."}],"event":{"name":"WWW '26: The ACM Web Conference 2026","location":"Dubai United Arab Emirates","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM Web Conference 2026"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3774904.3792405","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T00:52:25Z","timestamp":1778719945000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3774904.3792405"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,12]]},"references-count":37,"alternative-id":["10.1145\/3774904.3792405","10.1145\/3774904"],"URL":"https:\/\/doi.org\/10.1145\/3774904.3792405","relation":{},"subject":[],"published":{"date-parts":[[2026,4,12]]},"assertion":[{"value":"2026-04-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}