This week, along with other student researchers I was able to meet with a visiting researcher, Saiha Guha, who came to give talk about his paper, “Characterizing Large-Scale Click Fraud in ZeroAccess“. This was an opportunity to discuss my research and receive feedback and insights. Having previously written the Poster Abstract was quite helpful, as I was able to succinctly explain the goals and methods of my research.
In terms of the WhoWas data, as suspected the reverse DNS lookups on a few IP clusters resolved the generic format and not shared domain name. I have extracted a list of unique servers from the WhoWas data and am in the process of looking through to identify load-balancing servers. At initial glance it appears Apache, followed by nginx are the most common servers, but we will continue to look for other services.