Measuring CDNs susceptible to Domain Fronting
- URL: http://arxiv.org/abs/2310.17851v3
- Date: Mon, 13 Nov 2023 20:46:12 GMT
- Title: Measuring CDNs susceptible to Domain Fronting
- Authors: Karthika Subramani, Roberto Perdisci, Pierros Skafidas,
- Abstract summary: Domain fronting is a network communication technique that involves leveraging content delivery networks (CDNs) to disguise the final destination of network packets.
This technique can be used for both benign and malicious purposes, such as circumventing censorship or hiding malware-related communications from network security systems.
We propose a systematic approach to discover CDNs that are still prone to domain fronting.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Domain fronting is a network communication technique that involves leveraging (or abusing) content delivery networks (CDNs) to disguise the final destination of network packets by presenting them as if they were intended for a different domain than their actual endpoint. This technique can be used for both benign and malicious purposes, such as circumventing censorship or hiding malware-related communications from network security systems. Since domain fronting has been known for a few years, some popular CDN providers have implemented traffic filtering approaches to curb its use at their CDN infrastructure. However, it remains unclear to what extent domain fronting has been mitigated. To better understand whether domain fronting can still be effectively used, we propose a systematic approach to discover CDNs that are still prone to domain fronting. To this end, we leverage passive and active DNS traffic analysis to pinpoint domain names served by CDNs and build an automated tool that can be used to discover CDNs that allow domain fronting in their infrastructure. Our results reveal that domain fronting is feasible in 22 out of 30 CDNs that we tested, including some major CDN providers like Akamai and Fastly. This indicates that domain fronting remains widely available and can be easily abused for malicious purposes.
Related papers
- MANTIS: Detection of Zero-Day Malicious Domains Leveraging Low Reputed Hosting Infrastructure [6.214359156708907]
Existing detection mechanisms are either too late to catch such malicious domains due to limited information and their short life spans or unable to catch them due to evasive techniques such as cloaking and captcha.
We build MANTIS, a system that not only generates daily blocklists of malicious domains but also is able to predict malicious domains on-demand.
On average, our models achieve a precision of 99.7%, a recall of 86.9% with a very low false positive rate (FPR) of 0.1% and on average detects 19K new malicious domains per day.
arXiv Detail & Related papers (2025-02-13T21:46:34Z)
- Detecting and Measuring Security Implications of Entangled Domain Verification in CDN [30.611196380526213]
Absence of Domain Verification (DVA) is a significant security flaw in Content Delivery Networks (CDNs).
We present DVAHunter, an automated system for detecting DVA vulnerabilities that can lead to domain abuse in CDNs.
arXiv Detail & Related papers (2024-09-03T13:27:33Z)
- Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates [1.135267457536642]
DNS dynamic updates represent an inherently vulnerable mechanism.
Non-secure DNS updates leave domains susceptible to a novel form of attack termed zone poisoning.
We undertook a comprehensive campaign involving the notification of Computer Security Incident Response Teams.
arXiv Detail & Related papers (2024-05-30T09:23:53Z)
- Survey and Analysis of DNS Filtering Components [0.0]
Cybercriminals often use DNS for malicious purposes, such as phishing, malware distribution, and botnet communication.
To combat these threats, filtering resolvers have become increasingly popular, employing various techniques to identify and block malicious requests.
We survey several techniques to implement and enhance the capabilities of filtering resolvers including response policy zones, threat intelligence feeds, and detection of algorithmically generated domains.
arXiv Detail & Related papers (2024-01-08T12:52:59Z)
- DomainDrop: Suppressing Domain-Sensitive Channels for Domain Generalization [25.940491294232956]
DomainDrop is a framework to continuously enhance the channel robustness to domain shifts.
Our framework achieves state-of-the-art performance compared to other competing methods.
arXiv Detail & Related papers (2023-08-20T14:48:52Z)
- Open SESAME: Fighting Botnets with Seed Reconstructions of Domain Generation Algorithms [0.0]
Bots can generate pseudorandom domain names using Domain Generation Algorithms (DGAs).
A cyber criminal can register such domains to establish periodically changing rendezvous points with the bots.
We introduce SESAME, a system that combines the two above-mentioned approaches and contains a module for automatic Seed Reconstruction.
arXiv Detail & Related papers (2023-01-12T14:25:31Z)
- Cyclically Disentangled Feature Translation for Face Anti-spoofing [61.70377630461084]
We propose a novel domain adaptation method called cyclically disentangled feature translation network (CDFTN).
CDFTN generates pseudo-labeled samples that possess: 1) source domain-invariant liveness features and 2) target domain-specific content features, which are disentangled through domain adversarial training.
A robust classifier is trained based on the synthetic pseudo-labeled images under the supervision of source domain labels.
arXiv Detail & Related papers (2022-12-07T14:12:34Z)
- IDM: An Intermediate Domain Module for Domain Adaptive Person Re-ID [58.46907388691056]
We argue that the bridging between the source and target domains can be utilized to tackle the UDA re-ID task.
We propose an Intermediate Domain Module (IDM) to generate intermediate domains' representations on-the-fly.
Our proposed method outperforms the state-of-the-arts by a large margin in all the common UDA re-ID tasks.
arXiv Detail & Related papers (2021-08-05T07:19:46Z)
- Towards Corruption-Agnostic Robust Domain Adaptation [76.66523954277945]
We investigate a new task, Corruption-agnostic Robust Domain Adaptation (CRDA): to be accurate on original data and robust against unavailable-for-training corruptions on target domains.
We propose a new approach based on two technical insights into CRDA: 1) an easy-to-plug module called Domain Discrepancy Generator (DDG) that generates samples that enlarge domain discrepancy to mimic unpredictable corruptions; 2) a simple but effective teacher-student scheme with contrastive loss to enhance the constraints on target domains.
arXiv Detail & Related papers (2021-04-21T06:27:48Z)
- Prototypical Cross-domain Self-supervised Learning for Few-shot Unsupervised Domain Adaptation [91.58443042554903]
We propose an end-to-end Prototypical Cross-domain Self-Supervised Learning (PCS) framework for Few-shot Unsupervised Domain Adaptation (FUDA).
PCS not only performs cross-domain low-level feature alignment, but it also encodes and aligns semantic structures in the shared embedding space across domains.
Compared with state-of-the-art methods, PCS improves the mean classification accuracy over different domain pairs on FUDA by 10.5%, 3.5%, 9.0%, and 13.2% on Office, Office-Home, VisDA-2017, and DomainNet, respectively.
arXiv Detail & Related papers (2021-03-31T02:07:42Z)
- Cross-domain Self-supervised Learning for Domain Adaptation with Few Source Labels [78.95901454696158]
We propose a novel Cross-Domain Self-supervised learning approach for domain adaptation.
Our method significantly boosts performance of target accuracy in the new target domain with few source labels.
arXiv Detail & Related papers (2020-03-18T15:11:07Z)
- Mind the Gap: Enlarging the Domain Gap in Open Set Domain Adaptation [65.38975706997088]
Open set domain adaptation (OSDA) assumes the presence of unknown classes in the target domain.
We show that existing state-of-the-art methods suffer a considerable performance drop in the presence of larger domain gaps.
We propose a novel framework to specifically address the larger domain gaps.
arXiv Detail & Related papers (2020-03-08T14:20:24Z)
This list is automatically generated from the titles and abstracts of the papers in this site.