{"id":"https://openalex.org/W7123408833","doi":"https://doi.org/10.1109/ecrime66972.2025.11327823","title":"Detecting Malicious Domain Registration Batches: Patterns, Prevalence, and Security Implications","display_name":"Detecting Malicious Domain Registration Batches: Patterns, Prevalence, and Security Implications","publication_year":2025,"publication_date":"2025-11-04","ids":{"openalex":"https://openalex.org/W7123408833","doi":"https://doi.org/10.1109/ecrime66972.2025.11327823"},"language":null,"primary_location":{"id":"doi:10.1109/ecrime66972.2025.11327823","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime66972.2025.11327823","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5110006597","display_name":"Samuel Cheadle","orcid":null},"institutions":[{"id":"https://openalex.org/I1292585137","display_name":"United States Social Security Administration","ror":"https://ror.org/04b7xxn32","country_code":"US","type":"government","lineage":["https://openalex.org/I1292585137"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Samuel Cheadle","raw_affiliation_strings":["Security, Stability, and Resiliency Research, Office of the CTO ICANN"],"affiliations":[{"raw_affiliation_string":"Security, Stability, and Resiliency Research, Office of the CTO ICANN","institution_ids":["https://openalex.org/I1292585137"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048211807","display_name":"Carlos Ga\u00f1\u00e1n","orcid":"https://orcid.org/0000-0002-4699-3007"},"institutions":[{"id":"https://openalex.org/I1292585137","display_name":"United States Social Security Administration","ror":"https://ror.org/04b7xxn32","country_code":"US","type":"government","lineage":["https://openalex.org/I1292585137"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Carlos H. Ga\u00f1\u00e1n","raw_affiliation_strings":["Security, Stability, and Resiliency Research, Office of the CTO ICANN"],"affiliations":[{"raw_affiliation_string":"Security, Stability, and Resiliency Research, Office of the CTO ICANN","institution_ids":["https://openalex.org/I1292585137"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108854052","display_name":"Si\u00f4n Lloyd","orcid":null},"institutions":[{"id":"https://openalex.org/I1292585137","display_name":"United States Social Security Administration","ror":"https://ror.org/04b7xxn32","country_code":"US","type":"government","lineage":["https://openalex.org/I1292585137"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Si\u00f4n Lloyd","raw_affiliation_strings":["Security, Stability, and Resiliency Research, Office of the CTO ICANN"],"affiliations":[{"raw_affiliation_string":"Security, Stability, and Resiliency Research, Office of the CTO ICANN","institution_ids":["https://openalex.org/I1292585137"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019071393","display_name":"Samaneh Tajalizadehkhoob","orcid":"https://orcid.org/0009-0003-0359-2478"},"institutions":[{"id":"https://openalex.org/I1292585137","display_name":"United States Social Security Administration","ror":"https://ror.org/04b7xxn32","country_code":"US","type":"government","lineage":["https://openalex.org/I1292585137"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Samaneh Tajalizadehkhoob","raw_affiliation_strings":["Security, Stability, and Resiliency Research, Office of the CTO ICANN"],"affiliations":[{"raw_affiliation_string":"Security, Stability, and Resiliency Research, Office of the CTO ICANN","institution_ids":["https://openalex.org/I1292585137"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5110006597"],"corresponding_institution_ids":["https://openalex.org/I1292585137"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.82596495,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.25929999351501465,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.25929999351501465,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.2062000036239624,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.20160000026226044,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.769599974155426},{"id":"https://openalex.org/keywords/cybercrime","display_name":"Cybercrime","score":0.42730000615119934},{"id":"https://openalex.org/keywords/domain-name","display_name":"Domain name","score":0.4205000102519989},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.3610999882221222},{"id":"https://openalex.org/keywords/security-domain","display_name":"Security domain","score":0.3458999991416931}],"concepts":[{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.769599974155426},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7486000061035156},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7311999797821045},{"id":"https://openalex.org/C2779390178","wikidata":"https://www.wikidata.org/wiki/Q29137","display_name":"Cybercrime","level":3,"score":0.42730000615119934},{"id":"https://openalex.org/C2988987868","wikidata":"https://www.wikidata.org/wiki/Q32635","display_name":"Domain name","level":3,"score":0.4205000102519989},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.39809998869895935},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3610999882221222},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.3458999991416931},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.33239999413490295},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.3181999921798706},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.26179999113082886},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.257999986410141},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.25060001015663147}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ecrime66972.2025.11327823","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime66972.2025.11327823","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5757112503051758,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W2061153163","https://openalex.org/W2102333560","https://openalex.org/W2153545488","https://openalex.org/W2507466050","https://openalex.org/W2533677686","https://openalex.org/W2803489710","https://openalex.org/W2805724970","https://openalex.org/W2990244238","https://openalex.org/W4392980741"],"related_works":[],"abstract_inverted_index":{"The":[0],"registration":[1],"of":[2,27,57],"domains":[3],"in":[4,98],"large,":[5],"time-bound":[6],"batches":[7],"is":[8],"a":[9,24,43],"well-known":[10],"tactic":[11],"among":[12],"cybercriminals":[13],"seeking":[14],"to":[15,67],"enable":[16],"DNS":[17],"abuse":[18,69,82],"at":[19],"scale.":[20],"This":[21],"paper":[22],"presents":[23],"comprehensive":[25],"study":[26],"batch":[28,75],"domain":[29,47,95],"registrations,":[30,60],"focusing":[31],"on":[32],"their":[33],"detection,":[34],"prevalence,":[35],"and":[36,51,61,84,89,101,110,123],"correlation":[37],"with":[38,64],"malicious":[39,93],"activity.":[40],"We":[41,104],"introduce":[42],"clustering-based":[44],"methodology":[45],"leveraging":[46],"creation":[48],"time,":[49],"registrar":[50,102],"authoritative":[52],"nameserver":[53],"data;":[54],"analyze":[55],"millions":[56],"recent":[58],"gTLD":[59],"cross-reference":[62],"these":[63],"security":[65],"feeds":[66],"assess":[68],"rates.":[70],"Our":[71],"results":[72],"indicate":[73],"that":[74],"registrations":[76],"are":[77,85],"prevalent,":[78],"significantly":[79],"predict":[80],"overall":[81],"rates,":[83],"useful":[86],"for":[87,108,113],"pivoting":[88],"expanding":[90],"from":[91],"known":[92],"\"seed\"":[94],"sets,":[96],"particularly":[97],"certain":[99],"TLDs":[100],"environments.":[103],"discuss":[105],"the":[106,117],"implications":[107],"defenders":[109],"propose":[111],"directions":[112],"further":[114],"research,":[115],"including":[116],"challenges":[118],"posed":[119],"by":[120],"privacy":[121],"regulations":[122],"evolving":[124],"attacker":[125],"tactics.":[126]},"counts_by_year":[],"updated_date":"2026-01-14T23:44:37.837170","created_date":"2026-01-14T00:00:00"}