• Publications
  • Influence
Exploring the Attack Surface of Blockchain: A Systematic Overview
TLDR
In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Expand
  • 41
  • 4
  • PDF
The Landscape of Domain Name Typosquatting: Techniques and Countermeasures
TLDR
Domain typosquatting provides a great avenue to cybercriminals to conduct their crimes, including phishing, spam, hit and traffic stealing, online scams, among others. Expand
  • 28
  • 2
  • PDF
Thriving on chaos: Proactive detection of command and control domains in internet of things-scale botnets using DRIFT
TLDR
We introduce DRIFT, a system for detecting command and control (C2) domain names in Internet of Things–scale botnets. Expand
  • 4
  • 1
  • PDF
Domain Name System Security and Privacy: Old Problems and New Challenges
TLDR
We review the various activities in the research community on DNS operation, security, and privacy, and outline various challenges and open research directions that need to be tackled. Expand
  • 11
  • PDF
Exploring the Attack Surface of Blockchain: A Comprehensive Survey
TLDR
In this paper, we systematically explore the attack surface of the Blockchain technology, including selfish mining, the 51% attack, DNS attacks, distributed denial-of-service (DDoS) attacks, consensus delay, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. Expand
  • 9
Understanding the effectiveness of typosquatting techniques
TLDR
The nefarious practice of Typosquatting involves deliberately registering Internet domain names containing typographical errors that primarily target popular domain names, in an effort to redirect users to unintended destinations or stealing traffic. Expand
  • 7
  • PDF
Proactive detection of algorithmically generated malicious domains
TLDR
Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference-based lightweight feature for malicious domainName detection. Expand
  • 8
  • PDF
Defending Internet of Things Against Malicious Domain Names using D-FENS
TLDR
In this work, we present a system called D-FENS (DNS Filtering & Extraction Network System) which works in tandem with blacklists and features a live DNS server and binary classifier to accurately predict unreported malicious domain names. Expand
  • 2
You’ve Been Tricked! A User Study of the Effectiveness of Typosquatting Techniques
TLDR
The deceitful practice of Typosquatting involves deliberately registering Internet domain names containing typographical errors that primarily target popular domain names, in an effort to redirect users to unintended destinations or steal traffic. Expand
  • 2
  • PDF