Security Seminar

Global Measurement of DNS Manipulation

Paul PearceFinal-year PhD StudentUC Berkeley

Despite the pervasive nature of Internet censorship and the continuous
evolution of how and where censorship is applied, measurements of
censorship remain comparatively sparse. Understanding the scope,
scale, and evolution of Internet censorship requires global
measurements, performed at regular intervals. Unfortunately, the state
of the art relies on techniques that, by and large, require users to
directly participate in gathering these measurements, drastically
limiting their coverage and inhibiting regular data collection. To
facilitate large-scale measurements that can fill this gap in
understanding, we develop Iris, a scalable, accurate, and ethical
method to measure global manipulation of DNS resolutions. Iris reveals
widespread DNS manipulation of many domain names; our findings both
confirm anecdotal or limited results from previous work and reveal new
patterns in DNS manipulation.
Paul Pearce is a final-year PhD student at UC Berkeley advised by Vern Paxson
and a member of the Center for Evidence-based Security Research (CESR). His
research focuses on network security and measurement, including areas such as
censorship, cybercrime, and advanced persistent threats (APTs). Previously he
worked to analyze the makeup and impact of the ad injection ecosystem,
including analysis of the ZeroAccess botnet's infrastructure and monetization
strategies. Most recently his research includes Augur, a method and system for
identifying network disruption using TCP/IP side channels, Internet-wide.

Sponsored by