Unearthing malicious campaigns and actors from the blockchain DNS ecosystem

Authors: Casino, F., Lykousas, N., Katos, V. and Patsakis, C.

Journal: Computer Communications

Volume: 179

Pages: 217-230

eISSN: 1873-703X

ISSN: 0140-3664

DOI: 10.1016/j.comcom.2021.08.023

Abstract:

Blockchain DNS has emerged as an alternative solution to traditional DNS to address many of its inherent drawbacks. In this regard, a blockchain DNS approach is decentralised, resilient, provides high availability, and prevents censorship. Unfortunately, despite these desirable features, the major blockchain DNS solutions to date, Namecoin and Emercoin, have been repeatedly reported for malicious abuse, ranging from malware distribution to phishing. In this work, we perform a longitudinal analysis of both these chains, trying to identify and quantify the penetration of malicious actors in their ecosystems. To this end, we apply a haircut blacklisting policy and the intelligence collected from various engines to perform a taint analysis on the metadata existing in these blockchains, aiming to identify malicious acts through the merge of identifying information. Our analysis provides an automated validation methodology that supports the various reports about the wide-scale abuse of these solutions, showing that malicious actors have already obtained an alarming and extensive share of these platforms.

https://eprints.bournemouth.ac.uk/36303/

Source: Scopus

Unearthing malicious campaigns and actors from the blockchain DNS ecosystem

Authors: Casino, F., Lykousas, N., Katos, V. and Patsakis, C.

Journal: Computer Communications

Volume: 179

Pages: 217-230

eISSN: 1873-703X

ISSN: 0140-3664

DOI: 10.1016/j.comcom.2021.08.023

https://eprints.bournemouth.ac.uk/36303/

Source: Web of Science (Lite)

Unearthing malicious campaigns and actors from the blockchain DNS ecosystem

Authors: Casino, F., Lykousas, N., Katos, V. and Patsakis, C.

Journal: Computer Communications

Volume: 179

Issue: November

Pages: 217-230

ISSN: 0140-3664

https://eprints.bournemouth.ac.uk/36303/

Source: BURO EPrints