The ability to rank results according to the level of threat they pose (based on factors such as, for example, the extent to which a webpage relates to a brand of interest) is a key component of many brand protection services. The prioritisation process has a number of purposes, including the identification of: (a) priority targets for further analysis; (b) candidates for content tracking (i.e. regular reinspection of content or configuration, and the generation of an alert if high-concern findings are identified)—as may be appropriate in cases where a domain name presents a high potential level of risk but is not currently associated with any live site content; and (c) priority targets for enforcement actions.

Basic prioritisation algorithms may take account just of simple factors such as keyword-based analysis of website page content. However, there are other characteristics of a website, domain name or URL which can be used as inputs into a generalised threat-scoring algorithm, many of which can apply even in the absence of any associated live webpage content.

The domain name constitutes a special area of analysis, since it is associated with many inherent features (including registrant, registrar and hosting characteristics, presence of MX records, SSL certificate providers, web traffic, and specific features of the domain name itself, such as the presence of a brand name or variant, the TLD, and the domain name ‘entropy’), which can be analysed to give an indication of the level of potential threat.

A new study, of which the full version is accessible via the link below, considers a set of such features, and uses case studies to illustrate how they can potentially be used to prioritise results by their potential level of concern, and thereby serve (if suitably ‘weighted’) as inputs into an overall threat-scoring algorithm.

The study also discusses how, for other Internet channels, additional features which are easily extractable from the page content may be relevant to an overall determination of level of potential concern. For e-commerce marketplace listings, these parameters might typically include price point and item quantity; for other areas, it may be appropriate to include other data points as ‘proxies’ for the features which would normally be considered (e.g. numbers of ‘likes’, shares or comments, in place of website traffic, for content on social media).

To download a copy of the full study, click here.