{"id":"https://openalex.org/W4307020294","doi":"https://doi.org/10.1145/3517745.3561425","title":"Retroactive identification of targeted DNS infrastructure hijacking","display_name":"Retroactive identification of targeted DNS infrastructure hijacking","publication_year":2022,"publication_date":"2022-10-21","ids":{"openalex":"https://openalex.org/W4307020294","doi":"https://doi.org/10.1145/3517745.3561425"},"language":"en","primary_location":{"id":"doi:10.1145/3517745.3561425","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3517745.3561425","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3517745.3561425","source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM Internet Measurement Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3517745.3561425","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5085735887","display_name":"Gautam Akiwate","orcid":"https://orcid.org/0000-0002-1359-1722"},"institutions":[{"id":"https://openalex.org/I2800935791","display_name":"UC San Diego Health System","ror":"https://ror.org/01kbfgm16","country_code":"US","type":"healthcare","lineage":["https://openalex.org/I2800935791"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Gautam Akiwate","raw_affiliation_strings":["UC San Diego"],"affiliations":[{"raw_affiliation_string":"UC San Diego","institution_ids":["https://openalex.org/I2800935791"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002961985","display_name":"Raffaele Sommese","orcid":"https://orcid.org/0000-0003-3484-9259"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Raffaele Sommese","raw_affiliation_strings":["University of Twente"],"affiliations":[{"raw_affiliation_string":"University of Twente","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043382340","display_name":"Mattijs Jonker","orcid":"https://orcid.org/0000-0001-5174-9140"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Mattijs Jonker","raw_affiliation_strings":["University of Twente"],"affiliations":[{"raw_affiliation_string":"University of Twente","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069939742","display_name":"Zakir Durumeric","orcid":"https://orcid.org/0000-0002-9647-4192"},"institutions":[{"id":"https://openalex.org/I97018004","display_name":"Stanford University","ror":"https://ror.org/00f54p054","country_code":"US","type":"education","lineage":["https://openalex.org/I97018004"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zakir Durumeric","raw_affiliation_strings":["Censys/Stanford University"],"affiliations":[{"raw_affiliation_string":"Censys/Stanford University","institution_ids":["https://openalex.org/I97018004"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072282499","display_name":"kc claffy","orcid":"https://orcid.org/0000-0003-4824-3493"},"institutions":[{"id":"https://openalex.org/I2800935791","display_name":"UC San Diego Health System","ror":"https://ror.org/01kbfgm16","country_code":"US","type":"healthcare","lineage":["https://openalex.org/I2800935791"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"KC Claffy","raw_affiliation_strings":["CAIDA/UC San Diego"],"affiliations":[{"raw_affiliation_string":"CAIDA/UC San Diego","institution_ids":["https://openalex.org/I2800935791"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081366293","display_name":"Geoffrey M. Voelker","orcid":"https://orcid.org/0000-0003-0865-7499"},"institutions":[{"id":"https://openalex.org/I2800935791","display_name":"UC San Diego Health System","ror":"https://ror.org/01kbfgm16","country_code":"US","type":"healthcare","lineage":["https://openalex.org/I2800935791"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Geoffrey M. Voelker","raw_affiliation_strings":["UC San Diego"],"affiliations":[{"raw_affiliation_string":"UC San Diego","institution_ids":["https://openalex.org/I2800935791"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048394730","display_name":"Stefan Savage","orcid":"https://orcid.org/0000-0001-6617-8029"},"institutions":[{"id":"https://openalex.org/I2800935791","display_name":"UC San Diego Health System","ror":"https://ror.org/01kbfgm16","country_code":"US","type":"healthcare","lineage":["https://openalex.org/I2800935791"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Stefan Savage","raw_affiliation_strings":["UC San Diego"],"affiliations":[{"raw_affiliation_string":"UC San Diego","institution_ids":["https://openalex.org/I2800935791"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5085735887"],"corresponding_institution_ids":["https://openalex.org/I2800935791"],"apc_list":null,"apc_paid":null,"fwci":1.8046,"has_fulltext":true,"cited_by_count":14,"citation_normalized_percentile":{"value":0.87438825,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"14","last_page":"32"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.806847870349884},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.623796820640564},{"id":"https://openalex.org/keywords/homeland-security","display_name":"Homeland security","score":0.62051922082901},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5242105722427368},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5162103772163391},{"id":"https://openalex.org/keywords/data-breach","display_name":"Data breach","score":0.4892416000366211},{"id":"https://openalex.org/keywords/transparency","display_name":"Transparency (behavior)","score":0.4641002416610718},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.46375659108161926},{"id":"https://openalex.org/keywords/law-enforcement","display_name":"Law enforcement","score":0.44659700989723206},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.4144403040409088},{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.41193145513534546},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4107286036014557},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.23470216989517212},{"id":"https://openalex.org/keywords/terrorism","display_name":"Terrorism","score":0.1956680417060852},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.11117708683013916}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.806847870349884},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.623796820640564},{"id":"https://openalex.org/C506469952","wikidata":"https://www.wikidata.org/wiki/Q181467","display_name":"Homeland security","level":3,"score":0.62051922082901},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5242105722427368},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5162103772163391},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.4892416000366211},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.4641002416610718},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.46375659108161926},{"id":"https://openalex.org/C2780262971","wikidata":"https://www.wikidata.org/wiki/Q44554","display_name":"Law enforcement","level":2,"score":0.44659700989723206},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.4144403040409088},{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.41193145513534546},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4107286036014557},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.23470216989517212},{"id":"https://openalex.org/C203133693","wikidata":"https://www.wikidata.org/wiki/Q7283","display_name":"Terrorism","level":2,"score":0.1956680417060852},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.11117708683013916},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3517745.3561425","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3517745.3561425","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3517745.3561425","source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM Internet Measurement Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:ris.utwente.nl:publications/b402d30c-6a00-4966-8062-ed2c134239c1","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/b402d30c-6a00-4966-8062-ed2c134239c1","pdf_url":"https://ris.utwente.nl/ws/files/287286585/3517745.3561425.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Akiwate, G, Sommese, R, Jonker, M, Durumeric, Z, Claffy, K, Voelker, G M & Savage, S 2022, Retroactive identification of targeted DNS infrastructure hijacking. in Proceedings of the 22nd ACM Internet Measurement Conference. Association for Computing Machinery, pp. 14-32, 22nd ACM Internet Measurement Conference, IMC 2022, Nice, France, 25/10/22. https://doi.org/10.1145/3517745.3561425","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:zenodo.org:7696247","is_oa":true,"landing_page_url":"https://zenodo.org/record/7696247","pdf_url":"https://zenodo.org/record/7696247","source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/conferencePaper"}],"best_oa_location":{"id":"doi:10.1145/3517745.3561425","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3517745.3561425","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3517745.3561425","source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM Internet Measurement Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.4399999976158142}],"awards":[{"id":"https://openalex.org/G1028916383","display_name":null,"funder_award_id":"FA8750-19-2-0004","funder_id":"https://openalex.org/F4320306110","funder_display_name":"U.S. Department of Homeland Security"},{"id":"https://openalex.org/G1123483016","display_name":null,"funder_award_id":"OAC-2131987, CNS-1705050, and CNS-2152644","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G1169421534","display_name":null,"funder_award_id":"CNS-2152644","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G1646027462","display_name":"SaTC: CORE: Medium: After the Breach: Detecting Lateral Movement, Reconnaissance, and Exfiltration in Enterprise Networks","funder_award_id":"2152644","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3357093138","display_name":"Mid-scale RI-1 (M1:DP): Designing a global measurement infrastructure to improve Internet security","funder_award_id":"2131987","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3418842755","display_name":null,"funder_award_id":"830927","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"},{"id":"https://openalex.org/G522488875","display_name":null,"funder_award_id":"OAC-2131987","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7331901853","display_name":null,"funder_award_id":"EU H2020","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"},{"id":"https://openalex.org/G7741952749","display_name":null,"funder_award_id":"830927","funder_id":"https://openalex.org/F4320338335","funder_display_name":"H2020 European Research Council"},{"id":"https://openalex.org/G8440009107","display_name":"SaTC: CORE: Medium: Large-Scale Characterization of DNS Abuse","funder_award_id":"1705050","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8457175781","display_name":null,"funder_award_id":"628.001.031","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G94155031","display_name":"11th Bcool Meeting","funder_award_id":"21526","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320306110","display_name":"U.S. Department of Homeland Security","ror":"https://ror.org/00jyr0d86"},{"id":"https://openalex.org/F4320321800","display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","ror":"https://ror.org/04jsz6e67"},{"id":"https://openalex.org/F4320332603","display_name":"University of California, San Diego","ror":"https://ror.org/0168r3w48"},{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320338335","display_name":"H2020 European Research Council","ror":"https://ror.org/0472cxd90"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4307020294.pdf","grobid_xml":"https://content.openalex.org/works/W4307020294.grobid-xml"},"referenced_works_count":16,"referenced_works":["https://openalex.org/W1927311981","https://openalex.org/W2487661922","https://openalex.org/W2535407856","https://openalex.org/W2915352631","https://openalex.org/W2988889042","https://openalex.org/W3093996454","https://openalex.org/W3096245080","https://openalex.org/W3110237032","https://openalex.org/W3208414471","https://openalex.org/W3210272054","https://openalex.org/W3215332817","https://openalex.org/W4206147779","https://openalex.org/W4213040733","https://openalex.org/W4213190682","https://openalex.org/W4213362721","https://openalex.org/W4285555451"],"related_works":["https://openalex.org/W4235220108","https://openalex.org/W124163017","https://openalex.org/W1505117117","https://openalex.org/W1548628725","https://openalex.org/W2041886853","https://openalex.org/W2222263246","https://openalex.org/W2738891359","https://openalex.org/W1647152206","https://openalex.org/W2123701986","https://openalex.org/W2979276946"],"abstract_inverted_index":{"In":[0],"2019,":[1],"the":[2,60,100,119],"US":[3],"Department":[4],"of":[5,23,62,102,121,142,164,177],"Homeland":[6],"Security":[7],"issued":[8],"an":[9],"emergency":[10],"warning":[11],"about":[12],"DNS":[13,39,149,166],"infrastructure":[14,40,167],"tampering.":[15],"This":[16,126],"alert,":[17],"in":[18,185],"response":[19],"to":[20,37,41,90,109,132,173],"a":[21,31,76,129,140,158,175],"series":[22],"attacks":[24,86],"against":[25],"foreign":[26],"government":[27,180],"websites,":[28],"highlighted":[29],"how":[30],"sophisticated":[32,165],"attacker":[33],"could":[34],"leverage":[35],"access":[36],"key":[38],"then":[42],"hijack":[43],"traffic":[44],"and":[45,104,106,151,169,188],"harvest":[46],"valid":[47],"login":[48],"credentials":[49],"for":[50,160],"target":[51],"organizations.":[52],"However,":[53],"even":[54,115],"armed":[55],"with":[56],"this":[57,136],"knowledge,":[58],"identifying":[59,161],"existence":[61],"such":[63,85],"incidents":[64],"has":[65],"been":[66],"almost":[67],"entirely":[68],"via":[69,80],"post":[70],"hoc":[71],"forensic":[72,124],"reports":[73],"(i.e.,":[74],"after":[75],"breach":[77],"was":[78],"found":[79],"some":[81],"other":[82],"method).":[83],"Indeed,":[84],"are":[87,107],"particularly":[88],"challenging":[89],"detect":[91],"because":[92],"they":[93],"can":[94],"be":[95],"very":[96],"short":[97],"lived,":[98],"bypass":[99],"protections":[101],"TLS":[103],"DNSSEC,":[105],"imperceptible":[108],"users.":[110],"Identifying":[111],"them":[112],"retroactively":[113],"is":[114,128],"more":[116],"complicated":[117],"by":[118],"lack":[120],"fine-grained":[122],"Internet-scale":[123],"data.":[125],"paper":[127],"first":[130],"attempt":[131],"make":[133],"progress":[134],"at":[135],"latter":[137],"goal.":[138],"Combining":[139],"range":[141,176],"longitudinal":[143],"data":[144],"from":[145],"Internet-wide":[146],"scans,":[147],"passive":[148],"records,":[150],"Certificate":[152],"Transparency":[153],"logs,":[154],"we":[155],"have":[156,170],"constructed":[157],"methodology":[159],"potential":[162],"victims":[163,178],"hijacking":[168],"used":[171],"it":[172],"identify":[174],"(primarily":[179],"agencies),":[181],"both":[182],"those":[183],"named":[184],"prior":[186],"reporting,":[187],"others":[189],"previously":[190],"unknown.":[191]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4}],"updated_date":"2026-04-11T08:14:18.477133","created_date":"2025-10-10T00:00:00"}