Songqing Chen, Kim-Kwang Raymond Choo, Xinwen Fu, Wenjing Lou, Aziz Mohaisen (Eds.)

Security and Privacy in Communication Networks
15th EAI International Conference, SecureComm 2019
Orlando, FL, USA, October 23–25, 2019
Proceedings, Part II

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 305

Editorial Board Members


Ozgur Akan
Middle East Technical University, Ankara, Turkey
Paolo Bellavista
University of Bologna, Bologna, Italy
Jiannong Cao
Hong Kong Polytechnic University, Hong Kong, China
Geoffrey Coulson
Lancaster University, Lancaster, UK
Falko Dressler
University of Erlangen, Erlangen, Germany
Domenico Ferrari
Università Cattolica Piacenza, Piacenza, Italy
Mario Gerla
UCLA, Los Angeles, USA
Hisashi Kobayashi
Princeton University, Princeton, USA
Sergio Palazzo
University of Catania, Catania, Italy
Sartaj Sahni
University of Florida, Gainesville, USA
Xuemin (Sherman) Shen
University of Waterloo, Waterloo, Canada
Mircea Stan
University of Virginia, Charlottesville, USA
Xiaohua Jia
City University of Hong Kong, Kowloon, Hong Kong
Albert Y. Zomaya
University of Sydney, Sydney, Australia
More information about this series at http://www.springer.com/series/8197
Editors
Songqing Chen, George Mason University, Fairfax, VA, USA
Kim-Kwang Raymond Choo, The University of Texas at San Antonio, San Antonio, TX, USA
Xinwen Fu, Boston University, Lowell, MA, USA
Wenjing Lou, Virginia Tech, Blacksburg, VA, USA
Aziz Mohaisen, University of Central Florida, Orlando, FL, USA

ISSN 1867-8211 ISSN 1867-822X (electronic)


Lecture Notes of the Institute for Computer Sciences, Social Informatics
and Telecommunications Engineering
ISBN 978-3-030-37230-9 ISBN 978-3-030-37231-6 (eBook)
https://doi.org/10.1007/978-3-030-37231-6

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface

The importance of ensuring security and privacy in communications networks is
recognized by both the research and practitioner community. This is, for example,
evidenced by the establishment of the U.S. Cyber Command as a unified combatant
command in May 2018. This is also the focus of the 15th EAI International Conference
on Security and Privacy in Communication Networks (SecureComm 2019).
This proceedings contains 56 papers, which were selected from 149 submissions
(i.e. acceptance rate of 37.6%) from universities, national laboratories, and the private
sector from across the USA as well as other countries in Europe and Asia. All the
submissions went through an extensive review process by internationally-recognized
experts in cybersecurity.
Any successful conference requires the contributions of different stakeholder groups
and individuals, who have selfishly volunteered their time and energy in disseminating
the call for papers, submitting their research findings, participating in the peer reviews
and discussions, etc. First and foremost, we would like to offer our gratitude to the
entire Organizing Committee for guiding the entire process of the conference. We are
also deeply grateful to all the Technical Program Committee members for their time
and efforts in reading, commenting, debating, and finally selecting the papers. We also
thank all the external reviewers for assisting the Technical Program Committee in their
particular areas of expertise as well as all the authors, participants, and session chairs
for their valuable contributions. Support from the Steering Committee and EAI staff
members was also crucial in ensuring the success of the conference. It has been a great
privilege to be working with such a large group of dedicated and talented individuals.
We hope that you found the discussions and interactions at SecureComm 2019
intellectually stimulating, as well as enjoyed what Orlando, FL, had to offer. Enjoy the
proceedings!

September 2019 Xinwen Fu


Kim-Kwang Raymond Choo
Aziz Mohaisen
Wenjing Lou
Organization

Steering Committee
Imrich Chlamtac University of Trento, Italy
Guofei Gu Texas A&M University, USA
Peng Liu Pennsylvania State University, USA
Sencun Zhu Pennsylvania State University, USA

Organizing Committee
General Chairs
Xinwen Fu University of Central Florida, USA
Kim-Kwang Raymond Choo The University of Texas at San Antonio, USA

TPC Chair and Co-chairs


Aziz Mohaisen University of Central Florida, USA
Wenjing Lou Virginia Tech, USA

Sponsorship and Exhibit Chair


Qing Yang University of North Texas, USA

Local Chairs
Clay Posey University of Central Florida, USA
Cliff C. Zou University of Central Florida, USA

Workshops Chairs
Kaiqi Xiong University of South Florida, USA
Liang Xiao Xiamen University, China

Publicity and Social Media Chairs


Yao Liu University of South Florida, USA
Zhen Ling Southeast University, China

Publications Chairs
Songqing Chen George Mason University, USA
Houbing Song Embry-Riddle Aeronautical University, USA

Web Chairs
Bryan Pearson University of Central Florida, USA
Yue Zhang University of Central Florida, USA

Panels Chairs
Simon (Xinming) Ou University of South Florida, USA
Craig A. Shue Worcester Polytechnic Institute, USA

Demos Chair
Song Han University of Connecticut, USA

Tutorials Chair
Yong Guan Iowa State University, USA

Technical Program Committee


Amro Awad University of Central Florida, USA
Kai Bu Zhejiang University, China
Yinzhi Cao Johns Hopkins University, USA
Eric Chan-Tin Loyola University Chicago, USA
Kai Chen Chinese Academy of Sciences, China
Yu Chen Binghamton University - SUNY, USA
Sherman S. M. Chow The Chinese University of Hong Kong, Hong Kong,
China
Jun Dai California State University, Sacramento, USA
Karim Elish Florida Polytechnic University, USA
Birhanu Eshete University of Michigan, USA
Debin Gao Singapore Management University, Singapore
Le Guan University of Georgia, USA
Yong Guan Iowa State University, USA
Yongzhong He Beijing Jiaotong University, China
Murtuza Jadliwala The University of Texas at San Antonio, USA
George Kesidis Pennsylvania State University, USA
Joongheon Kim Chung-Ang University, South Korea
Hyoungshick Kim Sungkyunkwan University, South Korea
Gokhan Kul Delaware State University, USA
Laurent L. Njilla Air Force Research Laboratory, USA
Yingjiu Li Singapore Management University, Singapore
Jingqiang Lin Chinese Academy of Sciences, China
Zhiqiang Lin The Ohio State University, USA
Yao Liu University of South Florida, USA
Javier Lopez UMA, Spain
Wenjing Lou Virginia Tech, USA
Rongxing Lu University of New Brunswick, Canada

Ashraf Matrawy Carleton University, Canada


Aziz Mohaisen University of Central Florida, USA
Vaibhav Rastogi Northwestern University, USA
Sankardas Roy Bowling Green State University, USA
Pierangela Samarati University of Milan, Italy
Mohamed Shehab UNC Charlotte, USA
Seungwon Shin KAIST, South Korea
Houbing Song Embry-Riddle Aeronautical University, USA
Jeffrey Spaulding Niagara University, USA
Martin Strohmeier University of Oxford, UK
Wenhai Sun Purdue University, USA
Qiang Tang New Jersey Institute of Technology, USA
A. Selcuk Uluagac Florida International University, USA
Eugene Vasserman Kansas State University, USA
Cong Wang City University of Hong Kong Shenzhen Research
Institute, Hong Kong, China
Huihui Wang Jacksonville University, USA
Qian Wang Wuhan University, China
An Wang Case Western Reserve University, USA
Edgar Weippl SBA Research, Austria
Susanne Wetzel Stevens Institute of Technology, USA
Dinghao Wu Pennsylvania State University, USA
Mengjun Xie The University of Tennessee at Chattanooga, USA
Fengyuan Xu Nanjing University, China
Shouhuai Xu The University of Texas at San Antonio, USA
Shucheng Yu Stevens Institute of Technology, USA
Jiawei Yuan Embry-Riddle Aeronautical University, USA
Xingliang Yuan Monash University, Australia
Fareed Zaffar LUMS University, Pakistan
Xiao Zhang Palo Alto Networks, USA
Junjie Zhang Wright State University, USA
Kuan Zhang University of Nebraska-Lincoln, USA
Wensheng Zhang Iowa State University, USA
Yuan Zhang Nanjing University, China
Hong-Sheng Zhou Virginia Commonwealth University, USA
Cliff Zou University of Central Florida, USA
Contents – Part II

Deep Analytics

TL;DR Hazard: A Comprehensive Study of Levelsquatting Scams
Kun Du, Hao Yang, Zhou Li, Haixin Duan, Shuang Hao, Baojun Liu, Yuxiao Ye, Mingxuan Liu, Xiaodong Su, Guang Liu, Zhifeng Geng, Zaifeng Zhang, and Jinjin Liang

Account Lockouts: Characterizing and Preventing Account Denial-of-Service Attacks
Yu Liu, Matthew R. Squires, Curtis R. Taylor, Robert J. Walls, and Craig A. Shue

Application Transiency: Towards a Fair Trade of Personal Information for Application Services
Raquel Alvarez, Jake Levenson, Ryan Sheatsley, and Patrick McDaniel

CustomPro: Network Protocol Customization Through Cross-Host Feature Analysis
Yurong Chen, Tian Lan, and Guru Venkataramani

Systematic Theory

On the Security of TRNGs Based on Multiple Ring Oscillators
Xinying Wu, Yuan Ma, Jing Yang, Tianyu Chen, and Jingqiang Lin

Secrecy on a Gaussian Relay-Eavesdropper Channel with a Trusted Relay
Keke Hu, Xiaohui Zhang, and Yongming Wang

Target Information Trading - An Economic Perspective of Security
Jing Hou, Li Sun, Tao Shu, and Husheng Li

Cyber Threat Analysis Based on Characterizing Adversarial Behavior for Energy Delivery System
Sharif Ullah, Sachin Shetty, Anup Nayak, Amin Hassanzadeh, and Kamrul Hasan

Bulletproof Defenses

The Disbanding Attack: Exploiting Human-in-the-Loop Control in Vehicular Platooning
Ali Al-Hashimi, Pratham Oza, Ryan Gerdes, and Thidapat Chantem

Generic Construction of ElGamal-Type Attribute-Based Encryption Schemes with Revocability and Dual-Policy
Shengmin Xu, Yinghui Zhang, Yingjiu Li, Ximeng Liu, and Guomin Yang

Online Cyber Deception System Using Partially Observable Monte-Carlo Planning Framework
Md Ali Reza Al Amin, Sachin Shetty, Laurent Njilla, Deepak K. Tosh, and Charles Kamhoua

SEVGuard: Protecting User Mode Applications Using Secure Encrypted Virtualization
Ralph Palutke, Andreas Neubaum, and Johannes Götzfried

Blockchains and IoT

A Behavior-Aware Profiling of Smart Contracts
Xuetao Wei, Can Lu, Fatma Rana Ozcan, Ting Chen, Boyang Wang, Di Wu, and Qiang Tang

A Performance-Optimization Method for Reusable Fuzzy Extractor Based on Block Error Distribution of Iris Trait
Feng Zhu, Peisong Shen, and Chi Chen

Detecting Root-Level Endpoint Sensor Compromises with Correlated Activity
Yunsen Lei and Craig A. Shue

Footprints: Ensuring Trusted Service Function Chaining in the World of SDN and NFV
Montida Pattaranantakul, Qipeng Song, Yanmei Tian, Licheng Wang, Zonghua Zhang, and Ahmed Meddahi

Security and Analytics

Hecate: Automated Customization of Program and Communication Features to Reduce Attack Surfaces
Hongfa Xue, Yurong Chen, Guru Venkataramani, and Tian Lan

Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs
Edona Fasllija, Hasan Ferit Enişer, and Bernd Prünster

IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications
Abhishek Tiwari, Sascha Groß, and Christian Hammer

Power Analysis and Protection on SPECK and Its Application in IoT
Jing Ge, An Wang, Liehuang Zhu, Xin Liu, Ning Shang, and Guoshuang Zhang

Machine Learning, Privately

Adversarial False Data Injection Attack Against Nonlinear AC State Estimation with ANN in Smart Grid
Tian Liu and Tao Shu

On Effectiveness of Adversarial Examples and Defenses for Malware Classification
Robert Podschwadt and Hassan Takabi

PrivC—A Framework for Efficient Secure Two-Party Computation
Kai He, Liu Yang, Jue Hong, Jinghua Jiang, Jieming Wu, Xu Dong, and Zhuxun Liang

CoRide: A Privacy-Preserving Collaborative-Ride Hailing Service Using Blockchain-Assisted Vehicular Fog Computing
Meng Li, Liehuang Zhu, and Xiaodong Lin

Better Clouds

Non-Interactive MPC with Trusted Hardware Secure Against Residual Function Attacks
Ryan Karl, Timothy Burchfield, Jonathan Takeshita, and Taeho Jung

A Study of the Multiple Sign-in Feature in Web Applications
Marwan Albahar, Xing Gao, Gaby Dagher, Daiping Liu, Fengwei Zhang, and Jidong Xiao

Authenticated LSM Trees with Minimal Trust
Yuzhe Tang, Kai Li, and Ju Chen

Modern Family: A Revocable Hybrid Encryption Scheme Based on Attribute-Based Encryption, Symmetric Searchable Encryption and SGX
Alexandros Bakas and Antonis Michalas

ATCS Workshop

A Nature-Inspired Framework for Optimal Mining of Attribute-Based Access Control Policies
Masoud Narouei and Hassan Takabi

Author Index

Contents – Part I

Blockchains

Trustless Framework for Iterative Double Auction Based on Blockchain
Truc D. T. Nguyen and My T. Thai

Towards a Multi-chain Future of Proof-of-Space
Shuyang Tang, Jilai Zheng, Yao Deng, Ziyu Wang, Zhiqiang Liu, Dawu Gu, Zhen Liu, and Yu Long

Secure Consistency Verification for Untrusted Cloud Storage by Public Blockchains
Kai Li, Yuzhe Tang, Beom Heyn (Ben) Kim, and Jianliang Xu

An Enhanced Verifiable Inter-domain Routing Protocol Based on Blockchain
Yaping Liu, Shuo Zhang, Haojin Zhu, Peng-Jun Wan, Lixin Gao, and Yaoxue Zhang

Internet of Things

Edge-Assisted CNN Inference over Encrypted Data for Internet of Things
Yifan Tian, Jiawei Yuan, Shucheng Yu, Yantian Hou, and Houbing Song

POKs Based Secure and Energy-Efficient Access Control for Implantable Medical Devices
Chenglong Fu, Xiaojiang Du, Longfei Wu, Qiang Zeng, Amr Mohamed, and Mohsen Guizani

USB-Watch: A Dynamic Hardware-Assisted USB Threat Detection Framework
Kyle Denney, Enes Erdin, Leonardo Babun, Michael Vai, and Selcuk Uluagac

Automated IoT Device Fingerprinting Through Encrypted Stream Classification
Jianhua Sun, Kun Sun, and Chris Shenefiel

Catching Malware

DeepCG: Classifying Metamorphic Malware Through Deep Learning of Call Graphs
Shuang Zhao, Xiaobo Ma, Wei Zou, and Bo Bai

ChaffyScript: Vulnerability-Agnostic Defense of JavaScript Exploits via Memory Perturbation
Xunchao Hu, Brian Testa, and Heng Yin

Obfusifier: Obfuscation-Resistant Android Malware Detection System
Zhiqiang Li, Jun Sun, Qiben Yan, Witawas Srisa-an, and Yutaka Tsutano

Closing the Gap with APTs Through Semantic Clusters and Automated Cybergames
Steven Gianvecchio, Christopher Burkhalter, Hongying Lan, Andrew Sillers, and Ken Smith

Machine Learning

Stochastic ADMM Based Distributed Machine Learning with Differential Privacy
Jiahao Ding, Sai Mounika Errapotu, Haijun Zhang, Yanmin Gong, Miao Pan, and Zhu Han

Topology-Aware Hashing for Effective Control Flow Graph Similarity Analysis
Yuping Li, Jiyong Jang, and Xinming Ou

Trojan Attack on Deep Generative Models in Autonomous Driving
Shaohua Ding, Yulong Tian, Fengyuan Xu, Qun Li, and Sheng Zhong

FuncNet: A Euclidean Embedding Approach for Lightweight Cross-platform Binary Recognition
Mengxia Luo, Can Yang, Xiaorui Gong, and Lei Yu

Everything Traffic Security

Towards Forward Secure Internet Traffic
Eman Salem Alashwali, Pawel Szalachowski, and Andrew Martin

Traffic-Based Automatic Detection of Browser Fingerprinting
Rui Zhao, Edward Chow, and Chunchun Li

Measuring Tor Relay Popularity
Tao Chen, Weiqi Cui, and Eric Chan-Tin

SoK: ATT&CK Techniques and Trends in Windows Malware
Kris Oosthoek and Christian Doerr

Communicating Covertly

Covert Channels in SDN: Leaking Out Information from Controllers to End Hosts
Jiahao Cao, Kun Sun, Qi Li, Mingwei Xu, Zijie Yang, Kyung Joon Kwak, and Jason Li

Victim-Aware Adaptive Covert Channels
Riccardo Bortolameotti, Thijs van Ede, Andrea Continella, Maarten Everts, Willem Jonker, Pieter Hartel, and Andreas Peter

Random Allocation Seed-DSSS Broadcast Communication Against Jamming Attacks
Ahmad Alagil and Yao Liu

A Loss-Tolerant Mechanism of Message Segmentation and Reconstruction in Multi-path Communication of Anti-tracking Network
Changbo Tian, YongZheng Zhang, Tao Yin, Yupeng Tuo, and Ruihai Ge

Let’s Talk Privacy

Ticket Transparency: Accountable Single Sign-On with Privacy-Preserving Public Logs
Dawei Chu, Jingqiang Lin, Fengjun Li, Xiaokun Zhang, Qiongxiao Wang, and Guangqi Liu

Decentralized Privacy-Preserving Reputation Management for Mobile Crowdsensing
Lichuan Ma, Qingqi Pei, Youyang Qu, Kefeng Fan, and Xin Lai

Location Privacy Issues in the OpenSky Network Crowdsourcing Platform
Savio Sciancalepore, Saeif Alhazbi, and Roberto Di Pietro

Privacy-Preserving Genomic Data Publishing via Differentially-Private Suffix Tree
Tanya Khatri, Gaby G. Dagher, and Yantian Hou

Author Index


Deep Analytics
TL;DR Hazard: A Comprehensive Study of Levelsquatting Scams

Kun Du¹, Hao Yang¹, Zhou Li², Haixin Duan³(B), Shuang Hao⁴, Baojun Liu¹, Yuxiao Ye¹,⁴, Mingxuan Liu¹, Xiaodong Su⁴, Guang Liu⁴, Zhifeng Geng⁴, Zaifeng Zhang⁵, and Jinjin Liang⁵

¹ Tsinghua University, Beijing, China
{dk15,yang-h16,lbj15,liumx18}@mails.tsinghua.edu.cn
² University of California, Irvine, USA
zhou.li@uci.edu
³ Tsinghua University, Beijing National Research Center for Information Science and Technology, Beijing, China
duanhx@tsinghua.edu.cn
⁴ University of Texas at Dallas, Richardson, USA
shao@utdallas.edu, yeyuxiao@outlook.com, suxiaodong.sxd@gmail.com, lg2001607@163.com, zhifeng.geng@qq.com
⁵ Network Security Research Lab at Qihoo 360, Beijing, China
zhangzaifeng@360.cn, liangjinjin@360.cn

Abstract. In this paper, we present a large-scale analysis of an emerging type of domain-name fraud, which we call levelsquatting. Unlike existing frauds that impersonate well-known brand names (like google.com) by using similar second-level domain names, adversaries here embed the brand name in the subdomain section, deceiving users, especially mobile users, who do not pay attention to the entire domain name.
First, we develop a detection system, LDS, based on passive DNS data and webpage content. Using LDS, we successfully detect 817,681 levelsquatting domains. Second, we perform a detailed characterization of levelsquatting scams. Existing blacklists are less effective against levelsquatting domains, with only around 4% of domains reported by VirusTotal and PhishTank respectively. In particular, we find that a number of levelsquatting domains impersonate well-known search engines. So far, the Baidu security team has acknowledged our findings and removed these domains from its search results. Finally, we analyze how levelsquatting domain names are displayed in different browsers. We find 2 mobile browsers (Firefox and UC) and 1 desktop browser (Internet Explorer) that can confuse users when showing levelsquatting domain names in the address bar.
In summary, our study sheds light on the emerging levelsquatting fraud, and we believe new approaches are needed to mitigate this type of fraud.

Keywords: LDS · DNS · Levelsquatting

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019
Published by Springer Nature Switzerland AG 2019. All Rights Reserved
S. Chen et al. (Eds.): SecureComm 2019, LNICST 305, pp. 3–25, 2019.
https://doi.org/10.1007/978-3-030-37231-6_1

1 Introduction
Fast-paced reading is favored in the Internet age. Lengthy articles are less likely to be read and often receive comments like TL;DR (short for Too long; didn’t read) [1]. While impatience with long text may leave valuable information overlooked, inattention to a long domain name can lead to much worse consequences.
As a real-world example, Fig. 1 shows a phishing website with a long domain name, mails.tsinghua.edu.cn.locale.rebornplasticsurgery.com, displayed in the IE browser’s address bar with default settings. The domain name is so lengthy that only the subdomain mails.tsinghua.edu.cn can be displayed, which is identical to the authentic login domain name of Tsinghua University. A user can be deceived into entering her login credentials when visiting this website.

Fig. 1. An example of Levelsquatting domain displayed in IE.

We term this type of fraud levelsquatting. Adversaries here create domains whose subdomain section impersonates a brand domain. Levelsquatting scams bring cybercriminals several benefits: (1) This type of attack is more deceptive (compared to traditional domain squatting), since the displayed part of the domain name can look quite legitimate in both desktop and mobile browsers; (2) Adversaries can create subdomains to impersonate arbitrary brand domains. If they use e2LDs (effective second-level domain names) for the same purpose, they have to find ones not registered yet; and (3) Adversaries can leverage mechanisms of name servers that they control, like wildcard DNS, to manage a large pool of levelsquatting domains concurrently. In this work, we perform the first large-scale analysis to understand this type of fraud.
Finding Levelsquatting Domains. To discover levelsquatting domains, we have developed a system called LDS (Levelsquatting Detection System), which monitors a large volume of passive DNS data and identifies levelsquatting. LDS first searches for levelsquatting candidates by matching a list of popular domain names. Then, for each candidate, it collects WHOIS information, page content, and visual appearance, and performs a three-stage detection procedure. After sampling and manual verification, we confirm that LDS works effectively. As described in Sect. 3, LDS achieves a precision of 96.9% on a sample of our dataset.
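The candidate-matching step described above, as an added example (not the authors' LDS code): it splits each FQDN into subdomain and e2LD and flags names whose subdomain contains a listed brand domain on label boundaries. The eTLD set, the brand list, the function names and all sample names except the two domains quoted on this page are constructed assumptions; the later three-stage detection is not modelled.

```python
"""Candidate selection for levelsquatting: brand domains embedded in the subdomain."""

# Constructed subset of effective TLDs (assumption). A real deployment would
# load the full Public Suffix List instead of this short set.
ETLDS = {"com", "org", "net", "cn", "edu.cn", "com.cn", "co.uk"}

# Constructed stand-in for the list of popular (brand) domains.
BRANDS = {"baidu.com", "tsinghua.edu.cn", "google.com"}

# The first two names are quoted on this page; the rest are constructed.
SAMPLE_FQDNS = [
    "mails.tsinghua.edu.cn.locale.rebornplasticsurgery.com",
    "www.baidu.com.baidu-service.com",
    "mails.tsinghua.edu.cn",        # genuine name under the brand's own e2LD
    "notbaidu.com.example.org",     # "baidu.com" only as a substring of a label
    "www.example.org",
]


def split_fqdn(fqdn, etlds=ETLDS):
    """Return (subdomain, e2LD), or None if the name is an eTLD or matches none."""
    labels = fqdn.lower().rstrip(".").split(".")
    if ".".join(labels) in etlds:
        return None
    # Walk from the longest proper suffix to the shortest so that "edu.cn"
    # wins over "cn"; the e2LD is the eTLD plus one label to its left.
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in etlds:
            return ".".join(labels[: i - 1]), ".".join(labels[i - 1:])
    return None


def find_embedded_brands(fqdn, brands=BRANDS, etlds=ETLDS):
    """Return [(brand, e2LD)] for every brand domain embedded in the subdomain."""
    parts = split_fqdn(fqdn, etlds)
    if parts is None:
        return []
    sub, e2ld = parts
    if e2ld in brands:
        return []  # registered under a listed brand itself, not a candidate
    sub_labels = sub.split(".") if sub else []
    hits = []
    for brand in sorted(brands):
        b = brand.split(".")
        # Compare whole labels so "notbaidu.com" does not match "baidu.com".
        windows = range(len(sub_labels) - len(b) + 1)
        if any(sub_labels[j:j + len(b)] == b for j in windows):
            hits.append((brand, e2ld))
    return hits


def candidates(fqdns):
    """Map each flagged FQDN to its (brand, e2LD) hits; unflagged names are dropped."""
    found = {}
    for fqdn in fqdns:
        hits = find_embedded_brands(fqdn)
        if hits:
            found[fqdn] = hits
    return found


if __name__ == "__main__":
    for fqdn, hits in candidates(SAMPLE_FQDNS).items():
        for brand, e2ld in hits:
            print(f"{fqdn}: shows {brand}, registered under {e2ld}")
```
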
Discoveries. LDS discovered 817,681 levelsquatting domains, which enables us to conduct a comprehensive study of levelsquatting scams. We highlight our findings below.

(1) We find a new type of attack that impersonates search engines. For example, the domain www.baidu.com.baidu-service.com has an appearance identical to Baidu's, and it can even return meaningful search results when queried. The goal of adversaries here is to insert illegal ads, e.g., gambling promotions, in the returned results. In total, we find 13,331 fake search-engine websites. We reported them to the Baidu security team, and all of them have been confirmed malicious.
(2) While a levelsquatting domain can be created by adding a subdomain record to the DNS zone file, we find that wildcard DNS records are used more often for ease of management: 517,839 (63.33%) levelsquatting FQDNs (fully qualified domain names, referring to absolute domain names) or 41,389 (64.55%) e2LDs have wildcard DNS records.
(3) The effectiveness of blacklists regarding levelsquatting is very limited. We check the identified levelsquatting domains on PhishTank¹ and VirusTotal². Only around 4% of them have been captured by VirusTotal and PhishTank respectively.
(4) We conjecture that the rise of levelsquatting attacks is attributable to the problematic design of modern browsers. In fact, we investigate and show that some mobile browsers (e.g., Firefox and UC) and desktop browsers (e.g., Internet Explorer 9 on Windows 7) fail to display levelsquatting FQDNs correctly, making users vulnerable to this fraud. As a result, we suggest that these browser manufacturers adjust their UI and highlight the e2LD section.

In summary, our work makes the following contributions.

(1) We perform the first large-scale study of levelsquatting fraud using a
detection system, LDS, that we developed.
(2) We make an in-depth measurement study of the identified levelsquatting
domains.
(3) We check levelsquatting on PC and mobile browsers and find several visual
issues that can confuse users. We suggest that browser manufacturers fix those
issues and highlight the e2LD section more clearly.

¹ https://www.phishtank.com/
² https://www.virustotal.com/

2 Background
In this section, we first give a brief overview of existing methods for subdomain
creation. Then we define levelsquatting and describe the scope of this study.
Finally, we survey existing attacks against brand names that have been
extensively studied and compare them with levelsquatting.
Subdomain Creation. In this work, we consider a domain name as an FQDN,
its right part offered by a registrar (e.g., GoDaddy³) as the e2LD and its left
part as the subdomain. To learn whether a domain is managed by a registrar, we
check if it is one level under an effective top-level domain (eTLD) (e.g., .com
and .co.uk)⁴, an approach commonly used by existing works [4].
There are three types of DNS records that can create a subdomain: A, AAAA and
CNAME records. The first two associate a subdomain with an IPv4/IPv6 address,
e.g., <b.example.com A 93.184.216.34>. CNAME marks a name as an alias of
another, canonical domain, e.g., <www.example.com CNAME example.com>.
Additionally, the owner can specify a wildcard record by filling the subdomain
part with the character *, which will capture DNS requests to any subdomain not
specified in the zone file.
Levelsquatting. A registrar usually enforces no extra restriction on subdomain
creation, as long as the whole domain name complies with the IETF standard [5].
Such a loose policy unfortunately allows attackers to create a subdomain
impersonating a well-known brand without any hurdle. We name such fraudulent
domains levelsquatting domains. More concretely, a levelsquatting domain
contains a well-known brand (e.g., google.com) in its subdomain section, while
the e2LD section does not belong to the brand owner.
Whether a domain is created for levelsquatting depends on its similarity to
a known brand in both its subdomain and e2LD sections. For the subdomain
section, we assume attackers: (1) use the exact brand name without any typo
(e.g., go0gle.com.example.com is excluded); (2) keep the entire e2LD section
of the targeted brand within the subdomain section (e.g., google.example.com
is excluded); (3) may target a brand’s FQDN in addition to its e2LD
(e.g., accounts.google.com.example.com is included). We choose these criteria
to reduce the computation overhead (e.g., finding all brand typos is
computationally expensive) while achieving good coverage.
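Added example, not code from the paper or from LDS: a label-wise matcher for the three subdomain criteria above. The eTLD set and brand list are small constructed stand-ins (assumptions) for the public suffix list and the brand list, and the function names are hypothetical.

```python
# Added example: match an FQDN against the levelsquatting criteria of Sect. 2.
# Matching is done on whole DNS labels, never on substrings.

# Constructed stand-in for the public suffix list (assumption); a real run
# would load the full list from https://publicsuffix.org/.
ETLDS = {"com", "net", "org", "top", "co.uk"}

# Constructed brand e2LDs standing in for the popular-domain list (assumption).
BRANDS = {"google.com", "baidu.com", "bbc.co.uk"}


def split_fqdn(fqdn, etlds=ETLDS):
    """Split an FQDN into (subdomain labels, e2LD); None if no eTLD matches."""
    labels = fqdn.lower().rstrip(".").split(".")
    # Try the longest candidate suffix first so "co.uk" is found before "uk".
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in etlds:
            # The e2LD is the eTLD plus exactly one label to its left.
            return labels[:i - 1], ".".join(labels[i - 1:])
    return None


def find_run(labels, run):
    """Index of the first contiguous occurrence of `run` in `labels`, or -1."""
    for i in range(len(labels) - len(run) + 1):
        if labels[i:i + len(run)] == run:
            return i
    return -1


def match_levelsquatting(fqdn, brands=BRANDS, etlds=ETLDS):
    """Return {'brand', 'prefix', 'e2ld'} for a candidate, otherwise None."""
    parts = split_fqdn(fqdn, etlds)
    if parts is None:
        return None
    sub_labels, e2ld = parts
    # A brand's own e2LD is not a candidate. Whether an unlisted e2LD belongs
    # to the brand owner cannot be decided here; that needs WHOIS data.
    if e2ld in brands:
        return None
    # Longest brand first, so the result is deterministic if brands overlap.
    for brand in sorted(brands, key=lambda b: (-len(b), b)):
        # Criteria (1) and (2): the brand's full e2LD, spelled exactly, must
        # appear as consecutive labels inside the subdomain section.
        idx = find_run(sub_labels, brand.split("."))
        if idx >= 0:
            # Criterion (3): labels left of the brand (www, accounts, ...) are
            # allowed and reported as the prefix.
            return {"brand": brand,
                    "prefix": ".".join(sub_labels[:idx]),
                    "e2ld": e2ld}
    return None


if __name__ == "__main__":
    # Constructed sample names, including the examples quoted in the text.
    for name in ("www.baidu.com.baidu-service.com",
                 "accounts.google.com.example.com",
                 "go0gle.com.example.com",
                 "google.example.com",
                 "notgoogle.com.example.com"):
        print(name, "->", match_levelsquatting(name))
```

Comparing labels rather than substrings is what keeps a name such as notgoogle.com.example.com out of the candidate set.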
Comparison to Domain-Squatting. Previous studies have revealed many
tricks adopted by adversaries to impersonate a brand. Domain-squatting is
arguably the most popular approach. In this approach, adversaries buy an e2LD
that looks similar to a brand domain and fool users who cannot distinguish
the difference. This can be done through typo-squatting [6], bit-squatting [7],
homophone-squatting [8], homograph-squatting [9], etc. A recent work by
Kintis et al. covers combo-squatting, in which attackers combine a brand
name with one or more phrases (e.g., youtube-live.com) and register the
e2LD [10]. Despite the high similarity, these approaches will fail if the user is
careful enough when reviewing the domain name.
However, a recent attack called the punycode scam goes one step further to erase
the visual difference. Punycode is a way to represent a Unicode letter using the
ASCII character set. But many Unicode letters look almost the same as ASCII
letters (e.g., Cyrillic “a” and Latin “a”). They can be abused to construct scam
domains looking exactly the same as brand domains [11,12].
All approaches listed above require attackers to buy e2LDs similar to the
targeted brand. The monetary cost is still non-negligible and the choices are
usually limited. In comparison, creating a levelsquatting domain costs virtually
nothing and the choices are unlimited. Moreover, when the domain is displayed
in a defective browser, discerning the difference is much more difficult.

³ https://www.godaddy.com/
⁴ We use the public suffix list provided by https://publicsuffix.org/ to match eTLD.

Fig. 2. Processing flow of LDS. The numbers in the figure refer to the number of
records remaining after each filtering step.

3 Finding levelsquatting Domains


While levelsquatting domains are spotted in the wild occasionally [2], there is no
systematic study measuring the scale and characterizing the purpose. A large
volume of samples is essential to yield meaningful insights into this phenomenon,
but so far the coverage from public sources is still limited (see Sect. 5.2 for more
details). To overcome the issue of data scarcity, we build a system named LDS
(Levelsquatting Detection System) to automatically discover scam levelsquatting
domains. At a high level, LDS selects candidate domains from passive DNS data
and identifies scam ones based on a combination of registration, structural
and visual analysis. Below we first give an overview of LDS and then dive into
the details of each component.

3.1 System Overview


The top challenge we need to address here is how to discover a large number
of levelsquatting domains efficiently. Although some registrars (e.g., VeriSign)
have published the zone files they manage, subdomains are not included. Whether
a subdomain exists can be learned by issuing a DNS query, but enumerating
all subdomains is impossible. Our solution, instead, is to examine the
domain resolutions logged by passive DNS collectors. We scan two passive DNS
datasets offered by Farsight⁵ and Qihoo 360⁶ in this research.
Brand Selection. Although any brand may be subjected to a levelsquatting
attack, impersonating well-known brands is in the best interest of attackers.
In this study, we select e2LDs from the Alexa top 10K list⁷ (named DomAlexa)
for detection. This dataset yields a decent coverage of web categories (46
categories labeled by Alexa⁸ are included). Next, we construct a list of wildcard
strings (e.g., *.google.com.*) and submit them to the passive DNS services. In
the end, we obtain a corpus of 586,197,541 DNS logs. We keep the logs whose
record type is A, AAAA or CNAME and extract the domain names. We collect
4,735,289 domains as candidates (named DomAll).
Design and Data Collection. Through an initial exploration of a small subset
of DomAll, we gain three insights about levelsquatting domains. First,
many of them have been leveraged to deliver phishing content with a visual
appearance similar to that of the targeted brand domains [13]. Second, attackers
prefer to use off-the-shelf website templates to reduce development cost [14,15],
introducing irregular similarity among pages of levelsquatting domains. Third,
the registration information of a levelsquatting e2LD and that of the brand e2LD
are usually unrelated. Motivated by these insights, we build a crawler
infrastructure to query WHOIS information from registrars, download the
homepage and capture a screenshot for each domain in DomAll.
We obtain 2,473,809 valid pages from DomAll and we label this set as
DomSus. We notice that almost half of DomAll expired during our
research. This is because adversaries here prefer e2LDs with a short lifetime
to reduce their cost, as illustrated by previous work [15]. Every domain in DomSus
is examined by a detection component based on registration, structural and
visual features, and each domain that raises an alarm is considered
levelsquatting (the set is named DomLD). Figure 2 illustrates the processing
flow, and the implementation details are elaborated in the following section.

3.2 Implementation of Checkers


We develop three checkers to examine each domain in DomSus. The three checkers
run sequentially. At a high level, a domain is labeled suspicious if its
registration information mismatches that of the corresponding brand domain in
DomAlexa. The structural and visual checkers examine the similarity of pages in
DomSus and DomAlexa. We consider a domain as levelsquatting if two checkers
alarm. The details of each checker are elaborated below.
Registration Checker. We query public WHOIS servers to obtain registration
information for e2LDs in DomSus and DomAlexa. Though a levelsquatting
domain can impersonate a brand by manipulating the subdomain section, faking
registration information is not always feasible. In fact, not all the WHOIS
fields can be controlled by attackers, e.g., registrant email and registration
date. Although adversaries can use a “Domain Privacy Protection” service to hide
their tracks, they cannot rely on the brand domain using the same service.
From WHOIS servers, we obtain 58,372 and 10,000 valid records for e2LDs
in DomSus and DomAlexa⁹, respectively. For every WHOIS record associated with
DomSus, we extract the email address, telephone number, creation date and
expiration date, and match them with those of DomAlexa. The domains having zero
overlap will be further inspected by the structural and visual checkers.
Structural Checker. As the second step, we inspect the homepage under each
domain. On one hand, malicious pages tend to share the same structure due to
the use of web templates. On the other hand, when a malicious page is designed
for phishing, its structure should resemble that of the brand domain. As a
result, we compare the structural similarity of each page in DomSus and DomAlexa
by using the “Page Compare” library¹⁰.
Visual Checker. In this step, we aim to determine whether the levelsquatting
domain runs a phishing page mimicking one in DomAlexa. We look into
the visual similarity between them. As the first step, our crawler launches a
browser instance and visits the homepages in DomAlexa and DomSus by using the
selenium library¹¹. We take a screenshot for each domain. Then we check the
structural similarity between each image in DomSus and DomAlexa by using
skimage¹².
By using both structural and visual checkers, we can filter out non-malicious
levelsquatting domains. Similar to our approach, DeltaPhish [19] also exploits
the structural and visual similarity to detect phishing pages. Though DeltaPhish
extracts more features, it relies on a pre-labeled training dataset and the
computation is more time-consuming. Our approach is training-free and more
efficient.

⁵ https://www.dnsdb.info/
⁶ https://www.passivedns.cn/
⁷ http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
⁸ https://www.alexa.com/topsites/category

4 Evaluation
The Precision of LDS. LDS detects 817,681 levelsquatting FQDNs (DomLD)
and we want to learn how accurate the result is. In the beginning, we use the
“query” mode of the VirusTotal API¹³ to get a URL report for every detected
levelsquatting FQDN and use the number of alarms to determine whether it is a
scam. But it turns out that most of the domains have not even been submitted to
VirusTotal (more details in Sect. 5.2). Therefore, we have to resort to manual
verification. However, manually confirming all of them within a reasonable time
is impossible. As an alternative, we sample FQDNs randomly and validate them
for 10 rounds. We calculate the precision rate for each round and consider the
average value as the true precision rate.
In each round, we first sample 1,000 results and check whether the FQDN is
used for phishing, e.g., stealing login credentials. For the remaining ones, our
validation rules focus on the strategies adopted by attackers. In particular, we
first compare two pages crawled with a common browser user-agent string and a
spider user-agent string to determine whether cloaking, which is widely used for
blackhat SEO, is performed. We follow the method proposed by Wang et al. [17]
to find cloaking pages: if there is no similarity in visual effect or page
structure between the two pages, the domain is labeled as cloaking. Next, we go
through the page content and check if it is used to promote illegal business
like porn, gambling or fake shops. We also examine the e2LD’s WHOIS information
and consider it a true positive when the domain was recently registered by a
non-authoritative party. After 10 rounds of calculation, we find that the
system’s precision rate is 96.9%.
Analysis of False Positives. We conservatively treat the false positive rate as
3.1%. But a close look suggests none of them is absolutely innocent. Among these
310 domains, 178 show regional news, but none of their sources are well
known and the same content/page structure is found across them, which indicates
they might serve spun content for spam purposes [18]. The other 132 domains all
display a message showing that the domain is expired. However, when we revisited
them one month later, 118 of them showed more than 2 ads about lottery and porn.
We speculate these domains might have been purchased later by attackers, or that
they just show expired pages occasionally to avoid detection.

⁹ We are not able to obtain WHOIS records for all e2LDs within DomSus because
they had expired by the time we queried.
¹⁰ https://github.com/TeamHG-Memex/page-compare
¹¹ https://www.seleniumhq.org/
¹² https://scikit-image.org/

5 Measurement
In this section, we present our analysis of levelsquatting domains. We first
describe the datasets we use. Then, we evaluate how effective current defenses
are against levelsquatting and how widely levelsquatting is used for scam
activities. Next we examine the statistics of the lexical features, including the
popularity of different prefixes in subdomains. Finally, we take a deep look into
the infrastructure behind levelsquatting domains.

5.1 Datasets
To enrich the diversity of the levelsquatting domains, in addition to the 799,893
domains captured by LDS, we also acquire data from PhishTank and VirusTotal.
The summary is listed in Table 1.
PhishTank (DSPT). Levelsquatting is supposed to be used a lot for phishing
attacks. As a result, we download all URLs submitted to PhishTank between May
2016 and July 2017, with 1,025,336 records in total, and search for levelsquatting
FQDNs. We use the same check algorithm described in Sect. 3 and get 14,387
levelsquatting FQDNs in the end.
VirusTotal (DSVT). Another data source is VirusTotal, a well-known public
service offering URL and file scanning. We download the feed from February to
April 2017, accounting for 160,399,466 URLs in total. After filtering, we obtain
3,528 levelsquatting FQDNs (all of them are alarmed by at least two blacklists).
Combining the three datasets, we obtain 817,681 unique levelsquatting
FQDNs (we name the entire set DSAll), mapped to 64,124 e2LDs. The overlap
of the three datasets is small: only 127 FQDNs or 40 e2LDs from DSLDS
are also contained in DSPT and DSVT.

¹³ The “query” mode retrieves the prior scanning result of a URL that has been
submitted to VirusTotal by another user.

Table 1. Summary of datasets.

Notation       Source       Period            # FQDNs   # e2LDs
DSLDS          LDS          03.2017-04.2017   799,893   58,988
DSPT           PhishTank    05.2016-07.2017    14,387    3,887
DSVT           VirusTotal   02.2017-04.2017     3,528    1,289
DSOverlapped   –            –                     127       40
Sum (DSAll)    –            –                 817,681   64,124

5.2 Impact of Levelsquatting

Blacklists are a common first-line defense against malicious URLs, but according
to our study, their coverage of levelsquatting domains is quite limited. Our
conclusion comes from a coverage test on VirusTotal: we queried all 817,681 FQDNs
from DSLDS using the VirusTotal API under “query” mode, and found only 39,249 are
alarmed, accounting for 4.80% of DSLDS. It turns out that most of the domains
(618,374, 75.63%) have not even been submitted to VirusTotal.
Although levelsquatting has been observed in the wild as an attack vector
for phishing, whether it has become a popular option for phishing is still
unclear. The answer seems negative: 332,007 distinct FQDNs (covering
1,025,336 URLs) are obtained from PhishTank, but DSPT only has 14,387
(4.33% of 332,007) FQDNs. As further supporting evidence, most of the domains
recorded by PhishTank are short, consisting on average of only 2.83 levels.
Prefix. Attackers are free to add prefixes in front of a brand, in order to
impersonate a specific brand domain. To learn their preference, we have extracted
all prefixes and counted their number of appearances in DSAll. The top 15
prefixes with their percentages are shown in Fig. 3. Among them, www. is chosen
most frequently (79,338 or 9.70% of DSAll). The top 15 prefixes show up in 31.09%
of all levelsquatting domains. Prefixes known to be associated with mobile
services, like m., 3g. and weixin. (representing WeChat, the top mobile chat app
in China), are ranked highly, suggesting that attackers actively exploit the
display vulnerabilities in mobile devices (discussed in Sect. 7).

Fig. 3. Top 15 prefix keywords.

5.3 Infrastructure
Levelsquatting domains serve as the gateway to attackers’ infrastructure. For a
better understanding, we first look into the IP addresses and registrants behind
them, then we analyze domains with wildcard DNS records, their distribution in
new gTLDs and the HTTPS certificates they deploy.
IP Addresses. We performed DNS queries on all levelsquatting FQDNs in
DSAll to obtain their IP addresses by using pydig¹⁴. In total, 710,347 (86.87%)
requests returned valid results and 54,118 IPs were obtained. We show the top
10 IP addresses that levelsquatting domains prefer in Table 2. From this table
we can see that the top 10 servers host more than 38% of all levelsquatting
domains.
Registrants. We are interested in who actually controls the levelsquatting
domains. Hence we select the WHOIS records of domains in DSAll and obtain 58,372
valid records in total. By grouping the domains by registrant email address,
we find that 23.41% of them are under 10 email addresses. We list these
registrants in Table 3. We searched for information related to these email
addresses and find that many of them belong to professional domain brokers who
own massive numbers of domains. Similar observations were also described in
previous works looking into the underground economy [3] and blackhat SEO [15].

Table 2. Top 10 IP addresses of malicious levelsquatting domains.

No.     IP                ASN        Location    Count of levelsquatting FQDNs   Percentage
1       69.172.201.153    AS19324    US          76,387                          9.34%
2       185.53.179.8      AS61969    Europe      48,932                          5.98%
3       199.59.242.150    AS395082   US          35,327                          4.32%
4       202.181.24.196    AS55933    Australia   34,395                          4.21%
5       205.178.189.131   AS19871    US          31,238                          3.82%
6       52.33.196.199     AS16509    US          23,994                          2.93%
7       72.52.4.122       AS32787    US          21,532                          2.63%
8       93.46.8.89        AS12874    Italy       17,328                          2.12%
9       72.52.4.119       AS32787    US          13,551                          1.66%
10      118.193.172.49    AS58879    HK          10,689                          1.31%
Total   –                 –          –           313,373                         38.32%

Table 3. Top 10 registrant emails.

No.     Email                                   Count of levelsquatting e2LDs   Percentage
1       yu****@yinsibaohu.aliyun.com            3,328                           5.19%
2       yuming****@163.com                      2,985                           4.66%
3       4645468b********@privacy.everdns.com    1,633                           2.55%
4       zz****@sina.com                         1,397                           2.18%
5       28***@qq.com                            1,255                           1.96%
6       c138e837********@privacy.everdns.com    1,231                           1.92%
7       xiaosh********@163.com                  989                             1.54%
8       ljj********@gmail.com                   751                             1.17%
9       whoisa****@west263.com                  730                             1.14%
10      zr**@qq.com                             712                             1.11%
Total   –                                       15,011                          23.41%

¹⁴ https://github.com/shuque/pydig
Registration Dates. Next, we examine the registration dates of the
levelsquatting e2LDs. Figure 4 illustrates the ECDF of registration dates, which
shows that more than 59.27% of domains were registered after 2016. Previous
studies suggest that a recent registration date is an indicator of domains owned
by attackers [21,22], and our result suggests that hijacking a reputable e2LD
and adding subdomains under its zone file is not popular, since reputable e2LDs
tend to have a long registration lifetime (e.g., google.com has been registered
for more than 20 years). Instead, creating an e2LD or compromising a newly
registered e2LD is more popular.

Fig. 4. ECDF of registration dates.

Table 4. Top 10 new gTLDs in levelsquatting e2LDs.

No.     New gTLD   Count    Percentage of new gTLD domains   Percentage of all e2LDs
1       .top       3,868    20.92%                           6.03%
2       .win       3,034    16.41%                           4.73%
3       .pw        2,672    14.45%                           4.17%
4       .info      2,254    12.19%                           3.52%
5       .bid       1,862    10.07%                           2.90%
6       .loan      1,213    6.56%                            1.89%
7       .party     1,021    5.52%                            1.59%
8       .racing    893      4.83%                            1.39%
9       .faith     586      3.17%                            0.91%
10      .date      313      1.69%                            0.49%
Total   –          17,716   95.83%                           27.63%
Wildcard DNS. While LDS has detected 817,681 unique levelsquatting FQDNs,
they are mapped to only 64,124 e2LDs. We suspect there may be many
wildcard DNS records among them. To verify this assessment, we probe all
64,124 e2LDs using the method proposed by Du et al. [15]. In essence,
for an e2LD like example.com, we first try to resolve the IP address of
*.example.com. The e2LD is considered to support wildcard DNS if there
is a valid response. Otherwise, we issue two queries with random subdomain
names, like aaa.example.com and bbb.example.com. If the two responses
match, the e2LD is considered to support wildcard DNS as well. In the end,
we discovered that 41,389 e2LDs (64.55% of 64,124) contain wildcard DNS records,
suggesting this configuration is widely used by adversaries.
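Added example, not code from the paper or from Du et al. [15]: the two-step wildcard probe described above, with the resolver passed in as a function so the logic can be run offline. The function names, the in-memory zone resolver and the sample zones (documentation address ranges) are constructed for illustration.

```python
# Added example: two-step wildcard DNS probe with an injectable resolver.
import secrets
import socket


def system_resolver(name):
    """Resolve `name` with the OS resolver; empty set when there is no answer."""
    try:
        infos = socket.getaddrinfo(name, None)
    except (OSError, UnicodeError):  # NXDOMAIN, timeout, unencodable name
        return frozenset()
    return frozenset(info[4][0] for info in infos)


def has_wildcard(e2ld, resolve=system_resolver,
                 random_label=lambda: secrets.token_hex(8)):
    """Return True if `e2ld` appears to carry a wildcard DNS record."""
    # Step 1: query the literal wildcard owner name.
    if resolve("*." + e2ld):
        return True
    # Step 2: query two random subdomains that are very unlikely to exist.
    first = resolve(random_label() + "." + e2ld)
    second = resolve(random_label() + "." + e2ld)
    # Two empty answers are also "equal", so require a real answer as well.
    return bool(first) and first == second


def make_zone_resolver(zone, answer_literal_star=True):
    """Constructed test double: `zone` maps owner names to address lists.

    Owner names starting with "*." answer for any deeper name without an
    exact entry (simplified wildcard semantics, sufficient for this probe).
    With answer_literal_star=False the resolver refuses names that contain a
    literal "*" label, which forces the probe into its second step.
    """
    def resolve(name):
        name = name.lower().rstrip(".")
        if name.startswith("*.") and not answer_literal_star:
            return frozenset()
        if name in zone:
            return frozenset(zone[name])
        labels = name.split(".")
        for i in range(1, len(labels)):
            wildcard = "*." + ".".join(labels[i:])
            if wildcard in zone:
                return frozenset(zone[wildcard])
        return frozenset()
    return resolve


# Constructed zones using documentation address ranges (RFC 5737).
WILDCARD_ZONE = {"squat.example": ["192.0.2.10"],
                 "*.squat.example": ["192.0.2.10"]}
PLAIN_ZONE = {"shop.example": ["198.51.100.7"],
              "www.shop.example": ["198.51.100.7"]}


if __name__ == "__main__":
    print(has_wildcard("squat.example", make_zone_resolver(WILDCARD_ZONE)))
    print(has_wildcard("squat.example",
                       make_zone_resolver(WILDCARD_ZONE, answer_literal_star=False)))
    print(has_wildcard("shop.example", make_zone_resolver(PLAIN_ZONE)))
```

A wildcard that rotates among several addresses can return different answer sets for the two random names, so the equality test in the second step may miss it.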
Abuse of New gTLD Domains. Previous studies [15] discovered that there is
an increasing tendency to register malicious domains under new gTLDs, like
.top. We want to learn whether new gTLDs are also favored by levelsquatting
attackers. As such, we use the new gTLD list published by ICANN [23] to filter
the e2LDs in DSAll. It turns out that a prominent share of e2LDs (17,716, 27.63%
of 64,124) are under new gTLDs, which aligns with the discovery of previous
works. We think the major reason is that most new gTLDs are cheap and lack
maintenance. We show the top 10 new gTLDs abused in Table 4.
SSL Certificates. Deploying SSL certificates and supporting HTTPS connections
is a growing trend among site administrators. To make malicious sites,
especially phishing sites, more convincing to visitors, SSL certificates are
also used by attackers [24]. For levelsquatting domains, the motivation is the
same but our measurement result shows that attackers have not seriously
considered this option. We ran a port scan with ZMap¹⁵ over all of DSAll and
found that only 587 of them provide certificates. By comparison, a study [25]
showed that already 70% of Alexa Top One Million sites provide SSL certificates.
We downloaded all these 587 certificates and extracted the issuers. Only six
issuers are found. All of them can provide free SSL certificates for a 30-day
period or even longer. We believe this is the main reason that these issuers
are selected (Table 5).

Table 5. SSL Certification issuers and domain count.

No.     Certification Issuer                          Charge          Count   Percentage
1       RapidSSL SHA256 CA - G3                       30 days free    276     47.02%
2       Let’s Encrypt Authority X3                    Free            207     35.26%
3       WoSign CA Free SSL Certificate G2             Free            40      6.81%
4       GlobalSign Organization Validation CA - G2    30 days free    26      4.43%
5       Cybertrust Japan Public CA G3                 30 days free    23      3.92%
6       Amazon                                        12 month free   15      2.56%
Total   –                                             –               587     100%

6 Characterization
In this section, we take a closer look into the business behind levelsquatting
domains and their targeted brands, to get a better understanding of how they
serve attackers’ operations.
¹⁵ https://github.com/zmap/zmap
Another random document with
no related content on Scribd:
mills and paper mills, has a match factory that is among the largest
in the world. These industries are run by water-power. Ottawa is at
the head of navigation of the Ottawa River, which here is broken by
the Chaudière Falls. When Champlain saw these falls the tumbling
waters presented a beautiful spectacle. Now they are reduced and
obscured by mills and power stations. There is about two million
horse-power available within fifty miles, one twentieth of which is
developed.
Many of the industries based on the water-powers and the
lumber of the Ottawa district are in Hull, across the river. Hull has
about thirty thousand people, nearly all French Canadians. Its
population is temporarily increased each evening, as streams of
Ottawans cross the bridges from the bone dry province of Ontario to
the beer and wine cafés of the adjoining territory.
To appreciate all the beauties of the capital one must ride over
its thirty miles of boulevards and park drives. The Rideau Canal
flows through the heart of the city, giving a picturesque appearance
to its business districts, and lending a delightful aspect to the streets
and homes in the residential sections. There are block after block of
attractive houses that have the canal at their front doors, and others
with the canal in the rear. I noticed more than one canoe moored, so
to speak, in a backyard.
Indeed, the city seems entirely surrounded by water and parks.
Besides the Rideau Canal, there is the river of the same name, with
well-kept parks along its banks. The most commanding sites on the
hillsides overlooking the rivers are occupied by fine public buildings
and millionaires’ residences. There are numerous yacht and canoe
clubs, while on the Quebec side of the Ottawa River, above the
Chaudière Falls, are several golf courses. In their clubs the
Canadians seem to be content to do things on a less elaborate scale
than is common in the States, thus making it possible for men and
women of moderate means to belong without feeling extravagant. In
fact, though none know better than the Canadians how to entertain
elaborately whenever they choose to do so, they live more simply
than we, and spend more time in outdoor recreations.
Imagine yourself at my side as I write these words, and look with
me out of my hotel window. We are in the Château Laurier, a modern
hotel built of light-coloured stone in the design of a French chateau.
It was erected by the Grand Trunk Railroad, but now, like the
railroad, is operated by the government. It faces Connaught Square,
opposite the Union Station, with which it is connected by an
underground passage.
If we were to fall from our window, we should land on the bank of
the Rideau Canal as it comes out from under Connaught Square.
The canal divides Ottawa into two parts. East of the canal is Lower
Town, where most of the French residents live. To the east also is
Sandy Hill, a fine residential quarter. Just below us the canal
descends through a ravine down to the level of the Ottawa River.
Here there are six locks forming a water stairway. The canal
connects the Ottawa River with Kingston, on Lake Ontario. It was
constructed chiefly for military purposes. After the War of 1812, the
Canadians felt that they needed an inland waterway between
Montreal and the Lakes that would not be exposed to attack from the
American side. For many years Ottawa bore the name of Bytown,
after a military engineer, Colonel By, who built the canal.
Now look across the ravine through which the canal drops down
to the river. There are the government buildings, arranged in a
quadrangle. They are massive structures of rough stone and Gothic
architecture that crown the bluff one hundred and sixty feet above
the water. They look more like one of our universities than any of our
capitols. The Parliament building, with its back to the river, forms one
side of the quadrangle. In front of it are several acres of lawn that
slope gently down to Wellington Street. Facing the Parliament
building are other government offices, business buildings, and the
white marble home of the Rideau Club, where politicians from all
Canada gather during the legislative sessions.
The government has bought several city blocks near the
Parliament quadrangle, on which it will some day erect appropriate
structures to house its various departments. Some of them,
meanwhile, are accommodated in all sorts of office buildings and
remodelled dwellings, a condition that also reminds me of
Washington. This fact shows, too, that in the face of the continual cry
for greater economy the government machine in Canada is, like our
own, getting bigger every year.
The present Parliament house is a new building that will have
cost, when complete, nearly twelve million dollars. It is on the site
and about the size of the one burned in 1916, except that it has one
story more, and its square Gothic tower will be within two feet as
high as the dome of the United States Capitol. The entrance hall,
which forms the base of this tower, is a veritable forest of pillars that
uphold Gothic arches. The arches and walls have a dappled gray-
white appearance, due to fossils in the Selkirk limestone. Arched
corridors lead to the Senate wing on the right, to the House of
Commons on the left, and straight ahead into the library, the only
part of the original building not destroyed by the fire.
I found the Senate chamber a beautiful room, handsomely
appointed. Its walls are lined with large paintings of Canadian troops
in action in the World War. The ninety-six senators who represent the
various provinces are appointed for life by the government in power
whenever vacancies occur. Seats in this body are often handed out
as political plums. The Canadian Senate has not nearly as much
power in national affairs as the upper house of our Congress, but a
seat in it means both honour and a living.
The House of Commons, the real arena of Canadian political life,
is a long, high-ceilinged room, with a broad aisle extending from the
door to the speaker’s dais. On each side of the aisle are rows of
double desks behind which sit the two hundred and thirty-five
members. Those belonging to the majority party are on the speaker’s
right, and those of the opposition on his left. The speaker’s big chair
is patterned after the one in the English House of Commons. I sat in
it and found it very uncomfortable. Above it is the coat of arms of
Canada, carved in wood from Westminster six hundred years old. All
around the chamber are galleries for visitors.
The members of the Canadian Congress are not as generously
provided for as ours. They get salaries of four thousand dollars a
year, with nothing extra for secretaries. Instead of cash mileage
allowances they receive railroad passes. The Parliament must meet
every year, and the sessions usually last from early in January until
May or June. Because of the tendency of members to go home
before the adjournment, the House passed a law imposing fines of
twenty-five dollars a day for absences during the final two weeks.
Our Congress might do well to enact a similar law.
Yesterday morning I drove out to Rideau Hall, a big gray stone
mansion in park-like grounds overlooking the Rideau and Ottawa
rivers. It is the residence of the Governor-General of Canada, the
representative of His Majesty, the King of Great Britain, and the
nominal head of the Canadian government. The Canadians pay him
a princely salary, furnish him this palatial country residence, and
make him a generous allowance for entertainment and travel. They
sincerely desire that he enjoy his five years among them, provided
that he does not interfere in the conduct of their affairs.
“Just consider,” said a Canadian statesman to me to-day, “that
the position of the Governor-General in Canada is identical with that
of the King in Great Britain. He is a symbol of the unity and continuity
of the empire, but his executive duties are purely formal, as he must
not take the initiative and must always get the advice of his
ministers. Control of the government may shift from one party to
another here as in England, but the Governor-General, like the King,
continues undisturbed in his office. When his term expires the King
names his successor, but no government in London dreams of
making the appointment until it has consulted with Ottawa and
ascertained that the man chosen is acceptable to us.”
The speaker was a man who has frequently held high offices in
the government. Like other Canadians I have met, he believes his
country has a more democratic form of government than that of the
United States.
“You know,” said he, “we in Canada marvel at the strange
spectacle you sometimes have in Washington of a president of one
party confronted by a majority in Congress of another party. To us,
responsible popular government under such conditions is
unthinkable. The majority in the House of Commons always forms
our government, or administration, as you call it, and the majority
leader becomes premier and head of the cabinet. As long as it is
supported by a majority of that house, the cabinet is the supreme
power of the land in federal affairs. As soon as it ceases to be
supported by the majority, it loses the right to govern and a new
ministry comes in. Under our system an election must be held every
five years, but it may be held oftener. For example, a prime minister
who has met defeat in the Commons may advise a dissolution of
Parliament and appeal at once to the people in a general election.
You Americans vote by the calendar, every two or four years; we
vote on specific issues as the need arises. Every one of our cabinet
ministers is an elected member of the House of Commons or a
member of the Senate, and must answer for all his official acts on
the floor of the House.”
I asked as to the present attitude toward the United States.
“It seems to me,” was the reply, “the relations between Canada
and the United States were never better than they are to-day. The
ancient grudges on our side of the border, and the loose talk of
annexation or absorption on yours, are now happily things of the
past. While we have an area greater than yours, and vast wealth in
natural resources, the fact that our population is only one twelfth of
yours means that you will for years to come exercise a strong
influence upon Canada.
“When you consider that the two countries have a joint border
more than three thousand miles long, on which there is no armed
force whatsoever; that they have created one joint commission that
settles all boundary disputes and another that disposes of questions
concerning waters common to both countries; that we are your
second best customer and that you are a large investor in our
enterprises; that many of our wage-workers have gone to you and
many of your farmers have come to us—taking all these things into
consideration, one may say that the two peoples have managed to
get along with one another in pretty good fashion.
“By closing your markets to us, through high tariffs, you
sometimes make things a bit difficult for some of our people. On the
other hand, we have erected some tariff barriers of our own. Our
fisheries, fruit industries, and manufactures now demand protection,
just as your farmers and others insist on having tariffs against some
Canadian products. Our people are divided by sectional interests,
just as yours are, and both governments have difficulty, at times, in
reconciling conflicting desires. But I think Washington and Ottawa
will always understand one another, and will work out successfully
their mutual problems of the future.”
Canada’s half million acres of timber contain fifty
per cent. of the forest resources of the entire British
Empire. The revenue from lumber and wood pulp
ranks next in value to that from agricultural products.
It takes a woodpile as big as a large apartment
house to carry one of Ottawa’s pulp mills through the
winter. These logs will make enough news print to
paper two roads reaching around the world.
With the United States as a “horrible example”,
Canada is trying to safeguard her forest from
destruction by fire or wasteful cutting. Airplanes are
frequently used by some of the provincial forest
patrols.
Few Americans realize how independent Canada is. She pays
not a dollar in taxes to the British, nor does she receive any funds
from the Imperial Treasury. The relations between the Dominion and
the Empire are not fixed by law, but, like the British constitution, are
unwritten and constantly changing. Canada maintains a High
Commissioner in London, concedes certain tariff preferences to
Great Britain and the other dominions, and her premier takes part in
the imperial conferences in London. In all other respects she goes
along in her own way and does exactly as she pleases. She played a
great part in the World War, and would undoubtedly fight again, but
only of her own free will. The people regard the Dominion as a
member of a “Commonwealth of Nations” united under the British
flag, and care little for talk of empire. They have even passed a law
putting an end to the system whereby the Crown conferred titles on
distinguished Canadians.
CHAPTER XII
THE LUMBER YARD OF AN EMPIRE

I am in the heart of one of the great timber producing districts of
Canada. Every year millions of feet of logs are floated down the
Ottawa River. This stream is eight hundred miles long, and, with its
tributaries, taps a vast area of forests that feed the maws of the
paper and the saw mills of the city of Ottawa. I have watched the
latter at their greedy work, which they carry on at such a pace that
the cry is being raised that the woodlands of the Dominion are being
denuded, and that conservation measures must be adopted.
I have seen great tree trunks squared into timbers so fast that it
was only a matter of seconds from the moment they came wet out of
the river until they were ready for market. My neck aches from
looking up at log piles as high as a six-story apartment, waiting to be
converted into matches in one of the world’s greatest match
factories. You can imagine the size of its output when I tell you that in
one year it paid the government nearly two million dollars in sales
taxes. At other mills piles of pulpwood, nearly as big, are soon to
become paper, and in one I watched huge rolls of news-print taken
off the machines and marked for shipment to the United States.
Canada is cutting down her forests at the rate of about three
thousand millions of feet a year. Still this is only a fraction of one per
cent. of the estimated timber resources of Canada, and the cutting
can go on for a century before the supply is consumed. In the area of
her forests the Dominion is exceeded only by Russia and the United
States and she is second to us in the amount of lumber produced.
The British Empire reaches around the globe, but half of all its forest
wealth is in Canada. Not only the United Kingdom, but South Africa,
the West Indies, Australia, and New Zealand depend on this country
for a good part of their lumber supply.
The Canadians are now getting from their trees a per capita
revenue of about seventy-five dollars a year, and this income their
government is trying to safeguard. They see in us a terrible example
of the extravagant use of natural resources. Of our eight hundred
and twenty-two million acres of virgin forest, only one sixth is left,
which we are cutting at a rate that will exhaust it in twenty-five years.
This does not allow for new growth, which we are eating up four
times faster than Nature produces it.
More than nine tenths of all the forest lands of Canada are
owned by the government, so that she is in better position than we to
control the cutting and provide for the future. In practically every
province, lands good only for trees are no longer sold, and one
fourth of the forest areas have been permanently dedicated to timber
production. Each province administers its own forests, and there is
much similarity in their conservation measures and other restrictions.
The usual practice is to sell cutting rights to the highest bidders,
under conditions that yield substantial revenues to the government
and make it possible to supervise operations.
It is estimated that two thirds of the original stands of timber
have been destroyed by forest fires, which are still causing
enormous losses. Large sums collected monthly from the timber
users are being spent for fire protection. Every railroad is compelled
by law to maintain extensive patrols on account of the sparks from
locomotives. Several of the provinces use airplanes equipped with
wireless telephones or radios to enable their observers to report
instantly any blaze they discover. Some of these planes are large
enough to carry crews of eight or ten men, who swoop down upon a
burning area as soon as it is sighted. In Manitoba an airplane
recently carried firefighters in thirty-two minutes to a forest that was
three days’ canoe journey from the nearest station.
Suppose we go up in one of these patrol planes, and take a look
at the forests of Canada. We shall have to travel over one million
square miles, for that is their area. One fourth of the land of the
Dominion is wooded. The forests begin with the spruces of the
Maritime Provinces and the south shore of the St. Lawrence and
extend across the continent to the Pacific slope, and northward to
the sub-arctic regions. There is still much hardwood left, especially
north of the Great Lakes, but the conifers, or evergreens, make up
about eighty per cent. of the standing timber, and furnish ninety-five
per cent. of the lumber and the pulpwood. In passing over southern
Manitoba, Saskatchewan, and Alberta, we shall see a vast area of
prairies, the lands which now form the great wheat belt. The
foresters say this land once had forests but that they were destroyed
by fire in ages past.
We see the finest trees near the end of our air journey. This is in
British Columbia, a province that contains the largest, most compact,
and most readily accessible stand of merchantable timber in all the
world. It has more than half the saw timber of Canada. In this area,
which includes the Rocky Mountains, the Douglas fir is the
predominant type. The trees are sometimes forty, fifty, and sixty feet
thick, and a single log will make a load for a car. A whole tree may fill
a train when cut into boards. Here sixty-foot timbers that will square
two or three feet are nicknamed “toothpicks.”
Twenty years ago the chief commercial wood of Canada was
white pine. It was then the aristocrat of the north woods, and was cut
from trees between one hundred and fifty and three hundred years
old. Its place has now been taken by the spruces, of which there are
five varieties. The spruces form about one third of all the standing
timber of Canada. The annual cut amounts to something like two
thousand million feet, or enough to build a board walk sixteen feet
wide all the way around the world. Notwithstanding this the
government foresters estimate that within the last twenty years
insects and fires have destroyed twice as much spruce as the
lumberjacks have cut down.
Canada’s supply of spruce is of enormous interest to us, for it
feeds a great many of our printing presses. In one single year
Canada has cut as much as four million cords of pulpwood, and four
fifths of this goes to the United States in the form of logs, pulp, and
finished paper. We Americans are the greatest readers on earth. We
consume about one third of the total world output of news-print
paper. Our presses use more than two million tons in a year, or
nearly twice as much as Europe, which has five times our
population.
A generation ago Canada had not a dozen pulp mills, and only
ten years ago its product was but one sixth that of the United States.
Since then our production has hardly increased, but the Canadian
output has so grown that it will soon exceed that of the States.
Indeed, the industry now ranks second in the Dominion. I have
before me estimates showing that machines already ordered for new
mills and additions will add to the Canadian capacity something like
four hundred thousand tons a year. Canada now has more than one
hundred paper mills, and if all were run full time at full speed, they
would turn out nearly two and one half million tons of paper in a year.
The world’s largest ground pulp mill is at Three Rivers, in Quebec,
the great paper-making centre I have mentioned in another chapter.
That province has also the largest single news-print mill, with
machines that are turning out a continuous sheet of paper more than
nineteen feet wide, at the rate of about eleven miles an hour, or
eighty thousand miles a year. Not long ago one hundred tons of
paper a day was the largest capacity of any mill. Now this is almost
the standard unit in the industry. A four-hundred-ton mill is operating
at Abitibi, and plants of five-hundred-ton daily capacity are already
planned for.
It takes about a cord of wood to make a ton of news-print, or
enough, if rolled out like a carpet, to paper the pavement of a city
street from curb to curb for a distance of three and one half miles. A
year’s output of a hundred-ton mill would make a paper belt six feet
wide reaching four times around the waist of old Mother Earth. Take
a big Sunday newspaper and spread its sheets out on the floor. You
will be surprised at the area they cover. Now if you will keep in mind
that it sometimes takes more than a hundred tons of paper to print a
single issue you will realize how fast the forests of Canada are being
converted into paper sufficient to blanket the earth.
It is several centuries since Shakespeare found
Tongues in trees, books in the running brooks,
Sermons in stones and good in everything.

It remained, however, for our age, and especially North America,
to make these tree tongues speak. The world never had enough
paper until the process of making it from wood was discovered, and
even now it can hardly cut down its forests fast enough to satisfy the
insatiable demand of the printing press. I have visited paper mills in
both the United States and Canada, and have watched the miracle
of transforming a log into the medium of paper that carries the
messages of our presidents, the doings of Congress, the news
sensations of the times, or the strips of comic pictures we see every
morning. Let me tell you how it is done.
Most of the Canadian paper mills are located on rivers. The trees
are cut during the winter, and hauled on sledges over ice and snow
to the banks of the nearest stream. In the spring the logs float down
with the freshets, and the only transportation expense is the crews of
men who follow the “drive” and keep the mass of logs moving.
Sometimes jams or blocks occur that can be loosened only by
dynamite. As the logs move down stream the mills catch them with
booms strung across the river. Each mill picks out its own logs and
releases the rest to continue their journey.
Labour agents in Montreal, Quebec, and other cities are now
recruiting gangs of lumberjacks for this season’s operations. A single
firm of this city employs six thousand men and has two thousand at
work in the woods every winter. The lumberjacks live in camps,
which each year are pushed farther north as the forests diminish.
The work is hard, but the men are well fed and have no expenses,
so that they can, if they choose, come out of the woods in the spring
with a good sum in cash.
At a mill, the logs are fed into the machinery by means of
conveyors, and they hardly stop moving until they come out as
paper. The first step is to cut them into two-foot lengths and strip off
the bark. Then they are ready for grinding. This is done in batteries
of mills, each containing a large grindstone making two hundred
revolutions a minute. Several of these two-foot lengths are put into a
mill at a time, and pressed against the grindstone in such a way that
they are rapidly torn into fine splinters. As the wood is ground up it
falls into the water in the lower part of the mill and flows off. I asked a
workman to open a mill I was watching to-day. As he did so I
reached in and drew out a handful of the dry pulp. It was hot, and I
asked if hot water was used. He replied that the water went into the
mill almost ice cold, but that the friction of grinding was so great that
it soon boiled and steamed.
The increasing demands of our printing presses
are pushing Canada’s lumberjacks farther and farther
into the forests to cut the spruce logs with which the
paper mills are fed.
Some of the money voted the Toronto Harbour
Commission to prepare the port for the shipping of the
future has been spent in providing the people with a
great beach playground at Sunnyside.
Although Ontario leads all other provinces in its
industries, it is essentially an agricultural region, well
adapted to mixed farming. The farmers have many
coöperative organizations that also go in for politics.
The wet pulp passes through various mixing and bleaching
processes, until it becomes a gray-white mush that looks like
chewed paper. It is then ready for the paper machines. It flows first
on to a broad belt of woven copper wire screening, many times finer
than anything you use in your windows. As it passes over this
moving belt, some of the water is sucked out, and a thin coating of
pulp remains. This passes on to a cloth belting that carries it over
and under a series of huge cylinders, heated by steam. These take
out the rest of the water, and the pulp has become a sheet of hot,
moist paper. Shiny steel rollers give the paper a smooth, dry finish. It
is then wound on great spindles, and made into the huge rolls that
every one has seen unloaded at newspaper offices.
In making paper, it is necessary to mix with the ground pulp a
certain proportion of sulphite pulp, made by a chemical instead of a
grinding process. For the sulphite the logs are cut into chips and put
into great vats, where they are steam cooked with sulphurous acid.
The acid disintegrates the wood, just as the stomach digests food,
but it does not destroy the fibre. The result is that sulphite pulp has a
longer, tougher fibre than the pulp obtained by grinding, and for this
reason it is mixed with the ground pulp to give the paper greater
toughness and strength.
Though it has not been very long since Canada discovered that
her pulpwood forests are worth more than her gold mines, she is far
from satisfied with the present situation. There is a growing
movement in favour of stopping the export of pulpwood to the United
States and insisting that it shall be manufactured into paper within
the Dominion. It is claimed that this will not only check depletion of
the forests, but will bring more paper mills to Canada. Those who
support the plan have calculated that Canada now gets ten dollars
out of every cord of pulpwood exported, half of which goes to the
railroads. If all the wood were milled before leaving the country, they
say, Canada would get five times as much, or fifty dollars instead of
ten out of each cord. The government has authority to enforce the
prohibition demanded, but the proposal meets with considerable
opposition. The small farmers especially say that they can now get
better prices for the spruce cut on their wood lots than if their market
was confined to Canada only.
At the present time the total investment in Canadian paper and
pulp mills is about four hundred million dollars, and the wages and
salaries paid amount to over forty millions a year. To manufacture all
the pulpwood now cut every twelve months would require one
hundred and fifty million dollars additional capital, the erection of
more than thirty new mills with a capacity of one hundred tons a day
each, and eight thousand employees earning in excess of eleven
million dollars a year.
As a matter of fact, our own paper business has already moved
to Canada to a far greater extent than is commonly realized. Many of
our largest newspapers have not only their own mills in Canada, but
they own also the timber on thousands of square miles of forest
lands. One estimate says sixty per cent. of the timber resources of
Canada are now owned or controlled by Americans. The other day,
while I was in Halifax, a group of Americans bought the timber on a
seven-thousand-acre tract in Nova Scotia. There are many similar
American holdings.
Canada’s water-power and her paper and pulp industry have
been developed together, and each is essential to the other. It takes
practically one hundred horse-power to produce a ton of paper a
day, and this means that the mills must locate near available water-
power or pay big bills for fuel. One of the water-power experts at
Ottawa tells me that on a recent date the paper and pulp mills were
using more than six hundred and thirty-seven thousand hydro-
electric horse-power every twenty-four hours, in contrast with only
sixty-two thousand horse-power in the form of steam. Some of the
mills get their power for only one tenth of a cent per kilowatt hour or
one one-hundredth of what residents of Washington, D. C., pay for
their electric light.
