Special Interest Forum  on DNS Abuse Measurement Technology


The DNS architecture has sparked growing interest and body of work in the last ten years to meet the security and privacy requirements of modern computing paradigms. From a cyber security standpoint, there is rising concern about the DNS being abused.

Attackers are increasingly distorting the purpose for which the DNS was built, exploiting it as an attack vector against other resources and services. Data tunneling, bandwidth amplification, and algorithmically generated names are increasingly misusing the DNS infrastructures to hide the true network identities of botnet nodes, obtain stealth communication with command-and-control botnet servers, spread malware, and perform denial of service (DoS) and other types of attacks against services and systems outside DNS.

Given the threats from and to the DNS, it is essential to develop techniques to identify and quantify the different forms of DNS abuse. These techniques would not only help to grow the understanding of these threats but also provide the basis for potential countermeasures and deployment of security controls.


DNS abuse measurement SIFT aims at providing a platform to share this knowledge with the whole community. From academics creating new security frameworks to cybersecurity providers detecting new threats, every cybersecurity professional possesses a set of methods, tools, and knowledge that helps to fight DNS abuse.

The goals of this SIFT are to:

  • Encourage the cooperation of community members enabling them to exchange information and discuss the DNS abuse measurement technologies.
  • Enable ICANN to further support the community in sharing knowledge around DNS abuse measurements.
  • Present the latest developments in the Internet industry and to identify and discuss the specific issues that affect DNS abuse.


The DNS abuse measurement SIFT invites the community to share knowledge around all aspects of DNS abuse measurements.  This includes measuring the role of DNS in different threats such as phishing, malware, smishing, vishing, spam, spit (spam over internet telephony), spim (spam over instant messenger), viruses, spyware, etc.

This SIFT will be especially welcoming contributions of important or incumbent DNS abuse measurement techniques. These contributions could come in the form of blogs, posts, webinars, datasets, and papers describing experimental or theoretical on all aspects of DNS abuse, including but not limited to:

  • Techniques for detecting DNS abuse (including machine learning techniques)
  • Techniques to categorize types of DNS abuse
  • Industry tools (commercial or open source) and matters of commercial or practical interest regarding DNS abuse measurements
  • New standards/tools to measure and share DNS abuse information
  • Analysis of open source threat intelligence datasets related to DNS abuse
  • Description of real-world examples of emerging/existing DNS abuse

Join the conversation

To subscribe to the DNS Abuse Measurement Technology SIFT mailing list, send an e-mail to:


Link to Relevant Documents

  • No labels