University of Twente Student Theses


DNS bitsquatting in the wild

Macarie, M. (2020) DNS bitsquatting in the wild.

Full text not available from this repository.

Full Text Status:Access to this publication is restricted
Abstract:The DNS Bit-squatting refers to the registration of domain names that are one bit different from popular domains. We present an analysis of the .se, .org and .net bitsquatted top-level domains (TLDs), and an initial analysis of bitsquatted domains maliciousness. We develop an algorithm for detecting bitsquatted domains based on counting set bits implemented using multiprocessing and Pandas data frames in Python and Cython. Results show that .se, .org, and .net TLDs have a percentage of 16.44%, 23.31%, and respectively 16.33% bitsquatted domains. Domain names under 20 characters are more likely to have bitsquatted pairs, but longer and more suspicious bitsquatted domains are registered in certain patterns for different purposes, malicious or not. In Alexa top 1 million, we found less than 1% domain names per TLD which have bitsquatted domains. Manual analysis of 10 random domains has revealed cases when various institutions pre-registered domain names to avoid abuses and a case when historical nameservers data has hosted potential domain abuse in the past. Finally, our analysis shows that domain name length, WHOIS details, Alexa ranking, and language characteristic can be taken into account for developing tools for preventing or detecting bitsquatted domains.
Item Type:Essay (Bachelor)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:30 exact sciences in general, 50 technical science in general, 53 electrotechnology, 54 computer science
Programme:Electrical Engineering BSc (56953)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page