Semester of Graduation
Fall 2025
Degree
Master of Science (MS)
Department
Division of Computer Science and Engineering
Document Type
Thesis
Abstract
The growing interdependence of digital infrastructures has expanded organizational
attack surfaces beyond traditional perimeters. This thesis tackles two complementary
problems with distinct methods: (i) generating Cyber Threat Intelligence (CTI) from DNS
cache snooping, where non-recursive queries to public resolvers reveal privacy-preserving
lower bounds on domain interest at global scale; and (ii) maintaining an always-current
view of external exposure by continuously discovering, contextualizing, and prioritizing
Internet-facing assets.
The first contribution, MudHunter, presents a distributed domain name system
(DNS) measurement framework that leverages cache-snooping to infer lower bounds on
domain access activity. By issuing non-recursive queries from 130 globally distributed vantage
points, MudHunter estimates population-level domain interest without compromising
privacy or requiring authoritative visibility. The resulting empirical results reveal global
access behaviors, regional exposure trends, and malicious ecosystem signals, demonstrating
how passive DNS observation can inform CTI at scale.
The second contribution, the Continuous Threat Exposure Management (CTEM)
framework, operationalizes continuous external risk monitoring. It automates asset discovery,
vulnerability enrichment, and risk prioritization into a unified, data-driven pipeline.
The framework integrates large-scale scanning, correlation with structured vulnerability
sources (NVD, CISA KEV, EPSS), and dynamic exposure scoring to provide an always-current
view of organizational risk. A modular architecture, built around event buses, a
database, and RESTful APIs, supports continuous ingestion, enrichment, and visualization
through dashboards and automated interfaces.
Both systems share a unifying philosophy: meaningful security insight emerges
from continuous, measurement-based CTI. MudHunter embodies this principle by transforming
large-scale DNS cache observations into reproducible empirical evidence about
how global resolvers operate and how malicious infrastructure propagates through them.
CTEM, in turn, applies the same philosophy within organizational environments, continuously
measuring, enriching, and prioritizing security exposures through data-driven analysis.
Together, these works advance the state of empirical cyber threat intelligence by
demonstrating that rigorous, measurement-based methodologies can yield deeper understanding
and more transparent reasoning about the evolving threat landscape.
Date
10-31-2025
Recommended Citation
Succar, Bassel, "Designing Cybersecurity Measurement Systems for Global and Organizational Intelligence" (2025). LSU Master's Theses. 6238.
https://repository.lsu.edu/gradschool_theses/6238
Committee Chair
Bou-Harb, Elias