Audrey Randall

About Me

I am a PhD student at the University of California San Diego (UCSD), working with Aaron Schulman, Geoff Voelker, and Stefan Savage.

Research Interests

Internet Measurement | Security | Privacy | Networking

Current Projects


Certain phenomena on the Internet, such as the prevalence of stalkerware, contract cheating services, or phishing domains, are difficult to measure because of their sensitive and rare natures. However, all of these phenomena are visible within the Domain Name System. With the rise of public DNS resolvers such as Google Public DNS, Cloudflare DNS OpenDNS, and Quad9, a new opportunity has arisen to study the prevalence of such occurrences using DNS cache sniffing. Cache sniffing on public resolvers, in contrast to previous work published on small, misconfigured open resolvers, can yield far more information, while at the same time preserving privacy. However, public resolvers have complex and unique caching behaviors that also make cache sniffing far more difficult. We studied the caching strategies of four public DNS resolvers and present a method for using DNS cache sniffing on each of them. We then built a tool, Trufflehunter, to estimate the popularity of the aforementioned applications, which is difficult to measure by other means.

Network Hygiene

Common security advice includes injunctions such as "Update your operating system," "run antivirus," and "change your passwords frequently." However, there isn't much information available about if this advice actually lowers a user's chances of getting infected by malware. Working with a unique network vantage point, we are attempting to measure the correlations between user behaviors and infection rates to see what behavioral factors are actually likely to get you owned online.

Past Projects

Censorship Circumvention in China

I worked with Prof. Eric Wustrow at University of Colorado Boulder to create a tool called Metis that could predict which websites a user visited were likely to be censored, so that it could route only those websites through a censorship circumvention tool, and connect to the others directly. The idea was that circumvention tools are usually slow, because they connect to EVERY website through circuitous routes, not just the ones that would get blocked. Metis could also collect aggregate information about which websites were blocked, to give the research community a better idea of which sites get censored where. I implemented differential privacy (Google's RAPPOR) to protect user privacy. This project was never deployed, but I learned a lot in the process.