Skip to main content
Annual Computer Security Applications Conference (ACSAC) 2017

Full Program »

Lean On Me: Mining Internet Service Dependencies From Large-Scale DNS Data

Most websites, services, and applications have come to rely on Internet services (e.g., DNS, CDN, email, WWW, etc.) offered by third parties. Although employing such services generally improves reliability and cost-effectiveness, it also creates dependencies on service providers, which may expose websites to additional risks, such as DDoS attacks or cascading failures. As Cloud services are becoming more popular, an increasing percentage of the overall Internet ecosystem relies on a decreasing number of highly popular services. In our general effort to assess the security risk for a given entity, and motivated by the effects of recent service disruptions, we perform a large-scale analysis of passive and active DNS datasets including more than 2.5 trillion queries in order to discover the dependencies between websites and Internet services.

In this paper, we present the findings of our DNS dataset analysis, and attempt to expose important insights about the ecosystem of dependencies. To further understand the nature of dependencies, we perform graph-theoretic analysis on the dependency graph and propose support power, a novel power measure that can quantify the amount of dependence websites and other services have on a particular service. Our DNS analysis findings reveal that the current service ecosystem is dominated by a handful of popular service providers—with Amazon being the leader, by far—whose popularity is steadily increasing. These findings are further supported by our graph analysis results, which also reveals a set of less-popular services that many (regional) websites depend on.

Matteo Dell'Amico
Symantec Research Labs
France

Leyla Bilge
Symantec Research Labs
France

K. Ashwin Kumar
Symantec Research Labs
United States

Petros Efstathopoulos
Symantec Research Labs
United States

Pierre-Antoine Vervier
Symantec Research Labs
France

 

Powered by OpenConf®
Copyright ©2002-2017 Zakon Group LLC