On the Internet, there are lots of unused domain names that are not used for any actual services. Domain parking is a monetization mechanism for displaying online advertisements in such unused domain names. Some domain names used in cyber attacks are known to leverage domain parking services after the attack. However, the temporal relationships between domain parking services and malicious domain names have not been studied well. In this study, we investigated how malicious domain names using domain parking services change over time. We conducted a large-scale measurement study of more than 66.8 million domain names that have used domain parking services in the past 19 months. We reveal the existence of 3,964 domain names that have been malicious after using domain parking. We further identify what types of malicious activities (e.g., phishing and malware) such malicious domain names tend to be used for. We also reveal the existence of 3.02 million domain names that utilized multiple parking services simultaneously or while switching between them. Our study can contribute to the efficient analysis of malicious domain names using domain parking services.

In order to introduce new routing functionality without changing the Internet infrastructure, many routing overlays have been proposed in recent years. Although such overlays allow us to dynamically and flexibly form various types of networks, the current host name resolution mechanism used in the Internet, i.e. DNS, cannot provide us such flexibility in host name referencing because of its delegation-based administration scheme of domain names. And also, it cannot provide us security because of the lack of wide deployment of its security extension, DNSSEC. In this paper, we propose a generic framework for secure and flexible host name resolution infrastructure that can be shared among many routing overlays. In contrast to DNS with which users are forced to use the domain name space managed by IANA/ICANN, our framework separates the name resolution mechanism from the name spaces it handles, which allows users to choose whatever name space they think appropriate for the identity scheme of their overlay-networking community. This realizes decentralized management of domain names and gives users freedom in domain name acquisition. The basic idea to achieve this is to use a cryptographically generated identifier (i.e. a hash of a public key) as a reference to an administrative domain of overlay networking hosts and allow the owner of the domain to securely publish host information using the corresponding private key. We show that a referencing mechanism for such host information can be easily implemented by using distributed hash tables (DHTs), and then show how such "semantic-free" references to domains can be linked to existing identity scheme in order to allow "human-friendly" referencing.