A large number of domains are abused every day for cybercrime. At the same time, the fight against abusive domains is not the fight of one person or organization but a battle that requires the cooperation of the entire community. A large number of domain names on the Internet are misused daily for cybercriminal activities, ranging from spoofing victims’ private information (phishing), to maliciously installing software onto end-users’ devices (malware attacks), to distributing illegal obscene videos. Internet abuse continues to victimize millions of people each year, reducing trust in the Internet as a place to conduct business and non-business activities. This decline in confidence has a detrimental effect on all stakeholders in the Internet ecosystem, from end-users to infrastructure service providers.
1. Introduction
Internet abuse continues to victimize millions of people each year, reducing trust in the Internet as a place to conduct business and non-business activities [1,2]. This decline in confidence has a detrimental effect on all stakeholders in the Internet ecosystem, from end-users to infrastructure service providers.
A lot of research and resources are devoted to how to identify or detect these abusive domains early and accurately [3,4,5,6,7,8]. However, the issues of determining which Internet entities are responsible and what methods are used to handle discovered abusive domains are worthy of in-depth study [9]. An abusive domain name involves many Internet entities (e.g., registrars and web hosting providers), from registration to the commission of cybercrime, as shown in Figure 1. As a result, the fight against domain name abuse is not the fight of one person or organization but a battle requiring the entire community’s participation [10]. The Internet Corporation for Assigned Names and Numbers (ICANN) states that the best strategy to combat domain name abuse is for many entities, such as governments, operators, institutions, and Internet communities, to join together and choose the best approach.
Figure 1. Conceptual diagram of the Internet ecosystem portion contractually.
In China, pornography and gambling domains are not only defined as abusive but are also against the law. At the same time, China has one-fifth of the world’s Internet users. Therefore, the government, the security community, and academia need to study more mechanisms to deal with abusive domains quickly and effectively.
2. Definition of Abusive Domain Name
The report of the ICANN Security and Stability Advisory Committee (SSAC) [10] defines five types of harmful activities as DNS abuse, namely malware, botnets, phishing, pharming, and spam, all of which are domain name related. On the other hand, SSAC considers some of the specific definitions to be limited, and the above does not provide a general definition of abuse that can accommodate the evolving nature of abuse and cybercrime across the country and over time. The definition of domain name abuse also needs to consider each country’s culture and legal requirements. For example, in some countries [11,12,13,14], the use of domain names for pornography (especially child pornography) and gambling is not only abusive but also illegal.
Chinese law strictly prohibits individuals or organizations from establishing and accessing pornographic or gambling websites. At the same time, China has one-fifth of the world’s Internet users. Thus, the abusive domain names surviving on the Internet affect a wide range of users. This indicates the importance of how quickly and effectively entities can deal with abusive domains, which is also the goal of this paper. Moreover, while it uses pornography and gambling domain names as case studies, the methods and response time of Internet entities to deal with different types of abusive domain names are the same.
3. Internet Entities Involved in Domain Names
The Internet is a worldwide distributed network comprised of numerous autonomous networks connected voluntarily. It is governed by a decentralized and international multistakeholder network of interconnected autonomous groups comprised of civil society, business, government, academia, research, and national and international organizations. They work together across their different jobs to develop policies and standards that keep the Internet working worldwide for the public good. As a result, this architecture leads to many infrastructures and entities involved in the Internet for end-users to access the services (e.g., websites and email) provided by domain names, as illustrated in Figure 1.
For abusive domain names to victimize or attack end-users, four main categories of Internet infrastructure or entities are involved:
- Domain name registration. At this stage, the abuser selects the appropriate registrar to register the domain name for user access to the abusive content. According to the data published by ICANN, there are presently 2543 ICANN-accredited [15] registrars worldwide. Generally, abusers choose registrars that are inefficient at handling abusive domains or charge lower fees for domain names.
- Renting web servers. A web hosting provider provides the services required for the abuser to create and maintain websites and make them available on the World Wide Web. When choosing a provider, abusers consider the price and the provider’s authority to fight against abusive domain names. For example, most owners of pornographic websites do not choose a provider in China. This is because the Chinese providers require the site owner to authenticate with their real name. This dramatically increases the risk of legal sanctions against abusers.
- Configuring DNS records for the domain name. Similarly, the abuser chooses a DNS hosting provider and uses the resolution services it provides to configure the correct DNS records for the domain name.
- Accessing abusive domain names. An end-user accesses abusive domain names using the browser of a device (PC or cell phone) based on the network service provided by the Internet Service Providers (ISPs). In resolving the domain name to an IP, the DNS recursive server used by the user may be the ISP’s default configuration or another organization’s DNS (
Abusive domain names require many Internet resources if they are to function correctly. If an abuser acquires a resource directly (through purchase or provisioning), the related service provider would be the most effective party to handle the issue. Likewise, when a service is compromised, its owner and provider might play a critical role in fixing the compromise and misuse. In general, these entities are accountable not just for the proper operation of the Internet ecosystem, such as Internet users accessing websites via their browsers, but also for fighting against abusive domain names.
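An added example (not part of the original entry): routing an abuse report to the first three entity categories above from RDAP registration data. The RDAP responses are constructed placeholders in RFC 9083 shape and the function names are illustrative assumptions; the access side (ISP, recursive resolver) depends on the end-user and cannot be derived from the domain itself.

```python
"""Map a reported domain to the entities able to act on it, using RDAP data."""

def vcard_value(entity, prop):
    """First value of a jCard property ('fn', 'email', ...) or None."""
    card = entity.get("vcardArray", ["vcard", []])[1]
    return next((item[3] for item in card if item[0] == prop), None)

def find_by_role(obj, role):
    """Depth-first search of nested RDAP entities for the first one holding `role`."""
    for ent in obj.get("entities", []):
        if role in ent.get("roles", []):
            return ent
        nested = find_by_role(ent, role)
        if nested:
            return nested
    return None

def abuse_email(obj):
    ent = find_by_role(obj, "abuse")
    return vcard_value(ent, "email") if ent else None

def route_report(domain_rdap, ip_rdap):
    """Return who to notify: registrar, DNS hosting (by nameserver), web hosting."""
    registrar = find_by_role(domain_rdap, "registrar") or {}
    return {
        "domain": domain_rdap["ldhName"],
        "registrar": (vcard_value(registrar, "fn"), abuse_email(registrar)),
        "dns_hosting": sorted(ns["ldhName"] for ns in domain_rdap.get("nameservers", [])),
        "web_hosting": (ip_rdap.get("name"), abuse_email(ip_rdap)),
    }

def _card(prop, value):  # helper to build a minimal constructed jCard
    return ["vcard", [["version", {}, "text", "4.0"], [prop, {}, "text", value]]]

# Constructed sample data: RDAP domain object and the RDAP object for the
# network that holds the site's IP address. All names are placeholders.
DOMAIN = {
    "objectClassName": "domain", "ldhName": "abusive.example",
    "nameservers": [{"ldhName": "ns2.dnshost.example"}, {"ldhName": "ns1.dnshost.example"}],
    "entities": [{"roles": ["registrar"], "vcardArray": _card("fn", "Example Registrar"),
                  "entities": [{"roles": ["abuse"],
                                "vcardArray": _card("email", "abuse@registrar.example")}]}],
}
NETWORK = {
    "objectClassName": "ip network", "name": "EXAMPLE-HOSTING-NET",
    "entities": [{"roles": ["registrant"],
                  "entities": [{"roles": ["abuse"],
                                "vcardArray": _card("email", "abuse@hosting.example")}]}],
}

if __name__ == "__main__":
    for party, contact in route_report(DOMAIN, NETWORK).items():
        print(f"{party}: {contact}")
```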
4. Abusive Domain Names by Internet Entities
Identifying and detecting abusive domain names, their reporting, and how they should be addressed are hot topics in both the Internet industry and academia.