Home / News I have a News Tip

New Technique Detects and Eliminates Abusive Domains at Time of Registration

Research from PREDATOR showing samples of brand-new registered spammer domains and blacklisting delays; some delays as long as several weeks, or even several months

A team of researchers from Princeton University and the University of California has developed a machine-learning algorithm named PREDATOR that can accurately establish domain reputation at the time of domain registration.

PREDATOR which stands for 'Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration,' is based on the notion that criminals need to obtain many domains to ensure profitability and attack agility, leading to abnormal registration behaviors such as burst registrations and textually similar names. "The intuition has always been that the way that malicious actors use online resources somehow differs fundamentally from the way legitimate actors use them," says Princeton University computer science professor Nick Feamster — one of the researchers who worked on the project. "We were looking for those signals: what is it about a domain name that makes it automatically identifiable as a bad domain name?"

The research team which, in addition to Feamster, included recently graduated Ph.D. student Shuang Hao, Alex Kantchelian and Vern Paxson from the University of California-Berkeley and Brad Miller from Google, presented their paper at the 2016 ACM Conference on Computer and Communications Security on Oct. 27. They explained:

"Miscreants register thousands of new domains every day to launch Internet-scale attacks, such as spam, phishing, and drive-by downloads. Quickly and accurately determining a domain's reputation (association with malicious activity) provides a powerful tool for mitigating threats and protecting users. Yet, existing domain reputation systems work by observing domain use (e.g., lookup patterns, content hosted) — often too late to prevent miscreants from reaping benefits of the attacks that they launch. ... Our results show that PREDATOR can provide more accurate and earlier detection compared to existing blacklists, and significantly reduce the number of suspicious domains requiring more resource-intensive or time-consuming inspection."

PREDATOR was evaluated using registration logs of second-level .com and .net domains over five months and was found achieving 70% detection rate with a false positive rate of 0.35%. Although the performance is not perfect, the group believes their system "enables prioritizing domains for subsequent, detailed analysis, and to find more malicious pages given a fixed amount of resources (e.g., via URL crawlers or human-involved identification)."

As valuable as conducting research studies such as PREDATOR are, Feamster has expressed concerns over looming restriction concerns as a result of the new upcoming Federal Communications Commission (FCC) privacy rules not may have unintended consequences within the research community. "Although the forthcoming rulemaking targets the collection, use, and sharing of customer data with 'third parties,' an important — and oft-forgotten — facet of this discussion is that (1) ISPs rely on the collection, use, and sharing of CPNI to operate and secure their networks and (2) network researchers (myself included) rely on this data to conduct our research." See Feamster's post published earlier today.

Related topics: Cybercrime, Cybersquatting, Domain Names, Registry Services, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

8 Tips to Find Your Perfect .COM Domain Name

Why .com is the Venture Capital Community's Power Player

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Radix Launches Startup League at TechCrunch

Celebrating One Year of .online

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

LogicBoxes Launches the New Elite Reseller Program

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Afilias Acquires Premium TLDs .ARCHI, .BIO and .SKI

Effective Strategies to Build Your Reseller Channel (Webinar)

Sponsored Topics