Evaluation of Anti-Abuse Strategies Among Hosting Providers

A data-driven analysis of malicious IPs and compliance practices

Master thesis (2025)

Authors

M. Niu Technology, Policy and Management

Contributors

Carlos Hernandez Ganan Organisation & Governance - TPM (mentor)
P. H A J M van Gelder (graduation committee member)
Marcela Tuler de Oliveira Information and Communication Technology - TPM (mentor)
Faculty
Technology, Policy and Management
More Info
expand_more

Published Date

17-02-2025

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Technology, Policy and Management

Abstract

Hosting providers are essential for maintaining the security and reliability of digital services, but they continue to face challenges from malicious activities in their network, such as malware and phishing. The European Union’s Digital Services Act (DSA) was introduced to improve accountability and create a safer online environment, but its effectiveness in helping hosting providers mitigate abuse remains unclear. This study investigates whether compliance with the DSA has contributed to reducing malicious activity among Dutch hosting providers and examines the broader relationship between compliance levels and cybersecurity outcomes.

This study evaluates the effectiveness of anti-abuse measures employed by Dutch hosting providers, with a focus on the role of the DSA in helping with compliance and reducing malicious activity. Specifically, it examines whether adherence to the DSA improves the ability of hosting providers to mitigate cyber threats, particularly in reducing the prevalence of malicious IP addresses. Using passive DNS data, the research examines changes in the prevalence of malicious IP addresses before and after the implementation of the DSA. Compliance levels were also analyzed to understand their correlation with malware percentages. The study employed statistical methods, including Interrupted Time Series (ITS) analysis and regression models, to evaluate trends and relationships between compliance and malicious activity.

The findings indicate no statistically significant reduction in malicious IP activity following the implementation of the DSA, suggesting that compliance alone does not automatically translate into improved security outcomes. While the DSA strengthens transparency and procedural accountability, hosting providers continue to face operational challenges in implementing effective anti-abuse measures. Factors such as cybercriminal adaptation, enforcement inconsistencies, and resource constraints likely influence the weak correlation between compliance and actual abuse reduction. These results shows the need for a more holistic approach to cybersecurity regulation, combining technical advancements, industry collaboration, and proactive security enforcement alongside regulatory compliance. Evaluating the effectiveness of frameworks like the DSA is essential to ensuring that they not only establish compliance standards but also provide hosting providers with practical tools to enhance online security and mitigate digital threats effectively.

Files

Final_thesis_submission_Meixua... (pdf)
(pdf | 0.606 Mb)
Unknown license