Page History

Introduction

The Special Interest Forums on Technology (abbreviated as "SIFT") is an initiative for interactive discussion and knowledge sharing on technical topics relevant to the DNS or the Internet's system of unique identifiers. It is a home for informal discussion within the ICANN ecosystem to openly discuss emerging technical topics to help keep engaged parties aware of new technology trends and their potential impact on the ICANN mission. While SIFTs are not part of ICANN's community-driven policy development process, SIFTs can help inform such policy work.

SIFT Objectives

The generalized goals of a SIFT are:

• Knowledge sharing between and among participants on the evolution of Internet identifier technologies.
• Providing informational presentations (to ICANN staff, ICANN leadership, and/or the ICANN community) on newly-emerging topics that are relevant to ICANN.

Who can join a SIFT?

Anyone can join a SIFT! You can sign-up to join a mailing list and jump into the discussion at any time.

The general email list can be found at: https://mm.icann.org/mailman/listinfo/sift-general

Active SIFTs

Special Interest Forum on DNS Abuse Measurement Technology

Mailing list (subscription and management): https://mm.icann.org/mailman/listinfo/sift-abuse-measurements 

Motivation
The DNS architecture has sparked growing interest and body of work in the last ten years to meet the security and privacy requirements of modern computing paradigms. From a cyber security standpoint, there is rising concern about the DNS being abused.

Attackers are increasingly distorting the purpose for which the DNS was built, exploiting it as an attack vector against other resources and services. Data tunneling, bandwidth amplification, and algorithmically generated names are increasingly misusing the DNS infrastructures to hide the true network identities of botnet nodes, obtain stealth communication with command-and-control botnet servers, spread malware, and perform denial of service (DoS) and other types of attacks against services and systems outside DNS.

Given the threats from and to the DNS, it is essential to develop techniques to identify and quantify the different forms of DNS abuse. These techniques would not only help to grow the understanding of these threats but also provide the basis for potential countermeasures and deployment of security controls.

DNS abuse measurement SIFT aims at providing a platform to share this knowledge with the whole community. From academics creating new security frameworks to cybersecurity providers detecting new threats, every cybersecurity professional possesses a set of methods, tools, and knowledge that helps to fight DNS abuse.

The goals of this SIFT are to:

• Encourage the cooperation of community members enabling them to exchange information and discuss the DNS abuse measurement technologies.
• Enable ICANN to further support the community in sharing knowledge around DNS abuse measurements.
• Present the latest developments in the Internet industry and to identify and discuss the specific issues that affect DNS abuse.

SIFT Contributions

The DNS abuse measurement SIFT invites the community to share knowledge around all aspects of DNS abuse measurements.  This includes measuring the role of DNS in different threats such as phishing, malware, smishing, vishing, spam, spit (spam over internet telephony), spim (spam over instant messenger), viruses, spyware, etc.

This SIFT will be especially welcoming contributions of important or incumbent DNS abuse measurement techniques. These contributions could come in the form of blogs, posts, webinars, datasets, and papers describing experimental or theoretical on all aspects of DNS abuse, including but not limited to:

• Techniques for detecting DNS abuse (including machine learning techniques)
• Techniques to categorize types of DNS abuse
• Industry tools (commercial or open source) and matters of commercial or practical interest regarding DNS abuse measurements
• New standards/tools to measure and share DNS abuse information
• Analysis of open source threat intelligence datasets related to DNS abuse
• Description of real-world examples of emerging/existing DNS abuse