DOI: 10.1145/3038912.3052587
research-article

Who Controls the Internet?: Analyzing Global Threats using Property Graph Traversals

Published: 03 April 2017

Abstract

The Internet is built on top of intertwined network services, e.g., email, DNS, and content distribution networks, operated by private or governmental organizations. Recent events have shown that these organizations may, knowingly or unknowingly, be part of global-scale security incidents, including state-sponsored mass surveillance programs and large-scale DDoS attacks. For example, in March 2015 the Great Cannon attack showed that an Internet service provider can weaponize millions of Web browsers and turn them into DDoS bots by injecting malicious JavaScript code into transiting TCP connections.

While attack techniques and root-cause vulnerabilities are routinely studied, we still lack models and algorithms to study the intricate dependencies between services and providers, reason about their abuse, and assess the attack impact. To close this gap, we present a technique that models services, providers, and dependencies as a property graph. Moreover, we present a taint-style, propagation-based technique to query the model, and an evaluation of our framework on the top 100k Alexa domains.




    Published In

    WWW '17: Proceedings of the 26th International Conference on World Wide Web
    April 2017
    1678 pages
    ISBN:9781450349130

    Sponsors

    • IW3C2: International World Wide Web Conference Committee

    Publisher

    International World Wide Web Conferences Steering Committee

    Republic and Canton of Geneva, Switzerland


    Author Tags

    1. (dos) denial of service attacks
    2. cyber-attacks
    3. property graph traversals

    Qualifiers

    • Research-article

    Funding Sources

    • German Federal Ministry of Education and Research (BMBF)
    • project BOB

    Conference

    WWW '17
    Sponsor:
    • IW3C2

    Acceptance Rates

    WWW '17 Paper Acceptance Rate 164 of 966 submissions, 17%;
    Overall Acceptance Rate 1,899 of 8,196 submissions, 23%


    Article Metrics

    • Downloads (Last 12 months): 22
    • Downloads (Last 6 weeks): 5
    Reflects downloads up to 28 Nov 2024


    Cited By

    • (2024) Propagating Threat Scores with a TLS Ecosystem Graph Model Derived by Active Measurements. 2024 8th Network Traffic Measurement and Analysis Conference (TMA) (1-11). DOI: 10.23919/TMA62044.2024.10559063. Online publication date: 21-May-2024
    • (2024) The Times They Are A-Changin’: Characterizing Post-Publication Changes to Online News. 2024 IEEE Symposium on Security and Privacy (SP) (1573-1589). DOI: 10.1109/SP54263.2024.00033. Online publication date: 19-May-2024
    • (2024) A Comprehensive Evaluation of Machine Learning Algorithms for Web Application Attack Detection with Knowledge Graph Integration. Mobile Networks and Applications. DOI: 10.1007/s11036-024-02367-z. Online publication date: 19-Jul-2024
    • (2023) Pareto-optimal Defenses for the Web Infrastructure: Theory and Practice. ACM Transactions on Privacy and Security 26:2 (1-36). DOI: 10.1145/3567595. Online publication date: 13-Mar-2023
    • (2023) The More Things Change, the More They Stay the Same: Integrity of Modern JavaScript. Proceedings of the ACM Web Conference 2023 (2295-2305). DOI: 10.1145/3543507.3583395. Online publication date: 30-Apr-2023
    • (2023) A First Look at Third-Party Service Dependencies of Web Services in Africa. Passive and Active Measurement (595-622). DOI: 10.1007/978-3-031-28486-1_25. Online publication date: 21-Mar-2023
    • (2022) Leveraging Google’s Publisher-Specific IDs to Detect Website Administration. Proceedings of the ACM Web Conference 2022 (2522-2531). DOI: 10.1145/3485447.3512124. Online publication date: 25-Apr-2022
    • (2021) A Calculus of Tracking: Theory and Practice. Proceedings on Privacy Enhancing Technologies 2021:2 (259-281). DOI: 10.2478/popets-2021-0027. Online publication date: 29-Jan-2021
    • (2021) CHIEv. ACM SIGAPP Applied Computing Review 21:1 (5-23). DOI: 10.1145/3477133.3477134. Online publication date: 20-Jul-2021
    • (2021) Mining Centralization of Internet Service Infrastructure in the Wild. 2021 17th International Conference on Mobility, Sensing and Networking (MSN) (341-349). DOI: 10.1109/MSN53354.2021.00060. Online publication date: Dec-2021
