Survey on Domain Name Abuse Detection Technology

Domain name system is one of the most critical components of the global Internet infrastructure in the network and information age. But it is also being abused by various types of cyber attacks, such as botnet command and control, spam delivery, and phishing, which are emerging as the most serious threat against cyber-security. The existing domain name abuse detection technologies are comprehensively reviewed from the perspective of typical detection scenarios. First, the background knowledge of domain name abuse detection is introduced. By investigating the existing domain name abuse detection schemes, a taxonomy of detection scenarios is put forward. Moreover, the typical features and detection methods are also summarized. Second, the evolution process of attack and defense technologies for domain name abuse in five typical detection scenarios, including malware, phishing, cybersquatting, spam, and unrestricted abuse behavior, are respectively elaborated. Furthermore, an comprehensive summary of domain name abuse detection methods is given from multiple dimensions such as technical solutions, typical features, and detection algorithms. And a systematic overview of existing domain name abuse detection methods is conducted. Finally, the challenges faced by domain name abuse detection technology and future research directions are discussed, with a view to further improve the ecological environment of domain name system.