Janos Szurdi

Ph.D. Candidate at Cylab, Carnegie Mellon University.
Currently living in: Pittsburgh, Pennsylvania
E-mail: jszurdi at andrew dot cmu dot edu

I'm fortunate to be advised by Nicolas Christin.

Reseach interests
I am fascinated by a wide variety of problems concerning computer security and policy.

The primary focus of my research is to empirically analyze and model various types of online criminal activities to understand how we can better defend users. Domain names play a crucial role in these illicit online ecosystems; for example, domain names are used to evade blacklisting, to fool users or to siphon user traffic exploiting search engines or user mistakes. My Ph.D. thesis focuses on how users' typing mistakes can be leveraged to profit from abusive domain registrations.

During my Ph.D., I have developed additional research interests related to censorship, reputation systems, blockchain governance, applied machine learning and Internet governance.

Present research projects I am working on include:

  • Measuring how Traffic Distribution Systems are leveraged for online crime.
  • Studying how Internet governance can help in the fight against abusive domain names.
  • Modeling the evolution of governance in blockchain-based technologies.

You can learn more about my past and present research projects at the Research & Studies page or at my Google Scholar page.

Short Bio
I have received my B.Sc. degree in Computer Engineering from the Budapest University of Technology and Economics (BME) in 2010. I was doing research under the supervision of Zoltan Faigl at the Mobile Innovation Center (MIK) from 2010 to 2011. In 2011-2012 I wrote my thesis under the guidance of Mark Felegyhazi at the Laboratory of Cryptography and System Security (CrySyS Lab), and received my M.Sc. degree in Computer Engineering from the Budapest University of Technology and Economics (BME) in 2012 awarded excellent with highest honors. From 2011 to 2012 I worked at Sonrisa Kft. as a front-end and Java developer. I joined the CrySyS Lab as a research assistant for 7 months in 2013. Since 2013 I am a Ph.D. student at Cylab under the supervision of Nicolas Christin at Carnegie Mellon University.

Janos Szurdi and Nicolas Christin.
Domain Registration Policy Strategies and the Fight against Online Crime.
In Proceedings (online) of the 17th Workshop on Economics of Information Security (WEIS 2018).

Tyler Moore, Nicolas Christin, and Janos Szurdi.
Revisiting the Risks of Bitcoin Currency Exchange Closure.
In Proceedings of ACM Transactions on Internet Technology. 2018.

Janos Szurdi and Nicolas Christin.
Email Typosquatting.
In Proceedings of the 2017 ACM Internet Measurement Conference (IMC'17). London, UK. Nov. 2017.
[Appendix] [BibTeX]

Zachary Weinberg, Mahmood Sharif, Janos Szurdi, and Nicolas Christin.
Topics of Controversy: An Empirical Analysis of Web Censorship Lists.
In Proceedings of the Privacy Enhancing Technology Symposium (PETS 2017), July 2017.

J. Szurdi, B. Kocso, G. Cseh, J. Spring, M. Felegyhazi, and C. Kanich,
The Long Taile of Typosquatting Domain Names,
In Proceedings of Usenix Security Symposium 2014, Aug. 2014.

T. Halvorson, J. Szurdi, G. Maier, M. Felegyhazi, C. Kreibich, N. Weaver, K. Levchenko, and V. Paxson,
The BIZ Top-Level Domain: Ten Years Later,
In Proceedings of Passive Active Measurements (PAM 2012), Vienna, Austria, March 12-14, 2012.

Current research projects
- The Role of Traffic Distribution Systems in Online Crime

When users visit typosquatting pages or pages hosting illegal content, they are often sent to a Traffic Distribution System (TDS), which means they are redirected through a set of domain names to their final landing page. This landing page is where they are presented with malicious content. However, very little is known why, where and how users are directed in TDSs.

Our goal is to gain a more detailed understanding of these TDS ecosystems through extensive longitudinal measurements.

- Domain Registration Policy Strategies and the Fight against Online Crime

When studying online crime and malicious domain registrations, research usually focuses on detection. Unfortunately, how certain policies could be useful in preventing these registrations is rarely mentioned. Our goal is to study how domain registration policies could help to make malicious domain registrations non-profitable. To achieve this goal, we work on systemizing knowledge on potentially useful policies and ultimately, we plan to provide a comprehensive framework to analyze these policies. Our paper published at WEIS 2018 is the first step towards achieving a better understanding of registration policies, and we plan on improving it through the feedback we received.

The summary of our WEIS paper on domain registration policies:
We developed an analysis framework to evaluate how domain registration policies such as increasing price, incentivizing registrars or stricter verification could be useful against online crime. Next, we designed a game theoretical model to analyze the effects of dynamic pricing of domain names. We concluded that a combination of detection tools and proposed policies could make the vast majority of the studied malicious domain registrations economically non-viable.

Past research projects
+ Revisiting the Risks of Bitcoin Currency Exchange Closure - 2018

Published at ToIT 2018.

Bitcoin was originally designed to be an entirely decentralized cryptocurrency independent of any central authority. However, nowadays mining pools, mixers, wallet services, and exchanges make Bitcoin more centralized, increasing the probability of fraud.

In this paper, we analyzed the risks involved with using Bitcoin exchanges. We collected breach events, exchange volume data and several other properties to understand what factors into the risk of using a particular exchange.

We found that experiencing a breach is correlated with 13-times greater odds that an exchange will close in that same quarter. We also discovered that higher-volume exchanges are less likely to close, where each doubling in trade volume corresponds to a 12 percent decrease in the odds of closure.

+ Email Typosquatting - 2017

Published at IMC 2017.

The past 15 years of typosquatting research focused solely on web typosquatting. However, our previous research has shown that there is a great potential for typosquatting targeting protocols other than the web. The goal of this project was to understand the threat posed by email typosquatting.

We designed and implemented a distributed infrastructure to collect and process millions of spam and ham emails sent daily to typosquatting domains registered by us. We also developed a regression model to understand the impact of email typosquatting on users in the wild.

We found that users send hundreds of thousands of emails per year to 1,211 typosquatting domains and that these emails often contain sensitive information. Furthermore, our findings indicate that several typosquatters have an infrastructure in place to collect emails from tens of thousands of domain names.

+ Topics of Controversy: An Empirical Analysis of Web Censorship Lists. - 2017

Published at PETS 2017.

Research on censorship often leverages existing lists of known censored pages for validation. Unfortunately, these lists are often outdated, overlap, and do not cover some topics.

We developed an infrastructure to analyze the content, topic and lifetime of pages in these censorship lists, in order to understand how we could create better lists in the future.

First, we found that these lists often focus on a couple of topics too deeply, therefore researchers might want to balance the number of pages they use from each topic for their research. Second, pages covering controversial subjects have a shorter than average lifetime, and consequently, these lists need to be frequently maintained to keep them useful for analysis.

+ The Long "Taile" of Typosquatting Domain Names - 2014

Published at USENIX Security 2014.

Previous work focused only on typosquatting targeting the most popular domain names and did not look at temporal evolution. Our focus was to study typosquatting on a large scale including typosquatting domains targeting less popular domain names.

To achieve this goal, we developed a three step methodology to find typosquatting domain names. We started by creating a list of millions of potential typosquatting domain names from joining the .com zone and Alexa's top 1 million domain list. Then, we collected Whois, DNS and web data for each candidate typosquatting domain name. And finally, using features extracted from the collected data, we classified domain names as true typosquatting (domains registered to profit from users' typing mistake) or not.

We found millions of true typosquatting domains often targeting less popular domain names. We showed that the number of typosquatting domain names steadily increases. Additionally, we discovered that typosquatting infrastructure is concentrated and a few name servers and registrars are used by the majority of typosquatters. Finally, we found that there is infrastructure specifically tailored for typosquatting where some name servers serve mainly typosquatting domain names.

+ The BIZ Top-Level Domain: Ten Years Later - 2012

Published at PAM 2012.

The goal of this project was to understand how domain names are used in the .biz Top-Level domain ten years after its introduction to DNS. We hoped to gain insight on the usefulness of the new gTLD program introduced by ICANN.

To achieve this goal, we collected and analyzed Whois records, DNS records, and the content of the main webpage of all 2 million .biz domain names and their .com namesakes.

We found that .biz haven't been able to catch up in popularity with .com and it induced a significant amount of speculative and defensive registrations.

+ Research on Domain Name Registrations at the Laboratory of Cryptography and System Security (CrySyS Lab) - 2012

Under the guidance of Dr. Mark Felegyhazi, Assistant professor at CrySyS Lab, I researched why people are registering domain names and how cybercriminals are abusing the Domain Name System. I was interested in three dimensions for categorization: 1. Topic (news, adult, IT, etc.), 2. Maliciousness (malicious or benign), 3. Whether the domain is active or passive (parking, defensive, redirected, etc.). For my M.Sc. thesis, I focused on the lexical properties of domain names. More details can be found in my M.Sc. thesis: Understanding the purpose of domain registrations

+ Research on Mobile Networking Architecture at the Mobile Innovation Center (MIK) - 2011

Under the guidance of Zoltan Faigl, Researcher at MIK, I studied future architectures for mobile packet switched traffic. Knowing that in the next decades the broadband mobile packet switched traffic load will be multiplied, presented a key challenge: to have a scalable architecture for mobile networks. At the time, hierarchical and central solutions were supported, but the question was: whether a decentralized architecture would make mobile networks more scalable. I made a discrete linear programming model for both types of architectures (hierarchical and decentralized) to find out which is more scalable in the long-term.

+ Classes taken at Carnegie Mellon University:
  • Introduction to Computer Security 18-730: A
  • Secure Software Systems 18-732: A
  • Machine learning 10-601: A
  • Machine learning 10-701: A-
  • Artificial Intelligence Methods for Social Good 08-737: A
+ Classes taken at Budapest University of Technology and Economics (BME):
  • Information Security: Good
  • Security Protocols: Good (Excellent at final exam)
  • Cryptography and Its Applications: Excellent
  • Foundation of Secure Electronic Commerce: Excellent (Excellent at final exam)
  • Secure Communication System Laboratory Exercise I: Good
  • Secure Communication System Laboratory Exercise II: Excellent
  • Practical Network Security: Excellent
  • Newtorking Architectures: Excellent
  • Mobile infocommunication networks: Good
  • Navigation Services and Applications: Excellent

Teaching experience:

  • 2014 spring:Teaching Assistant for Network Security - 18-731 Lectured by Prof. Nicolas Christin at Carnegie Mellon University
  • 2014 fall: Teaching Assistant for Introduction to Information Security - 18-631 Lectured by Prof. Nicolas Christin at Carnegie Mellon University

Fellowships and grants:

  • 2018 - ICANN63 Fellowship
  • 2018 - National Science Foundation Student Travel Grant for WEIS 2018
  • 2014 - 23rd USENIX Security Symposium Student Grant
  • 2014 - 4th Bar-Ilan Winter School on Cryptography Student Stipend
  • 2013 - Ann and Martin McGuinn Graduate Fellowship
  • 2013 - Carnegie Institute of Technology Dean's Tuition Fellowship


Slides about Domain Registration Policy Strategies and the Fight against Online Crime

Slides about Email Typosquatting

Slides about The Long Taile of Typosquatting Domain Names
Lightning talk presentation created by Mark Felegyhazi for Usenix Security 2014:

When I have a little spare time I enjoy:


  • I am using a 150/750 Newtonian telescope to study astronomy and to discover our Universe and its phenomena.
  • I am also interested in the astrophysical background of these phenomena.

Martial Arts

  • Currently, I am actively practicing: Kendo
  • I have practiced many forms of martial arts since I was eight years old: Kendo, Judo, Ninjutsu, Southern Mantis Kung Fu, Kempo, Shinkendo etc.


  • My devoted passion for skateboarding is now 20 years old.