According to the Wall Street Journal “Researchers at Princeton and the University of California have developed a machine-learning algorithm that can detect malicious domain names.”
“The code scans for 22 features that are consistent with suspicious behavior, including names that are registered in bulk by the hundreds, names that are variations of the same name, random-looking names, and names with numerical characters.”
“The algorithm, published in a research paper this month, is called PREDATOR, which stands for Proactive Recognition and Elimination of Domain Abuse at Time-of-Registration.”
“In a five-month study of registration logs of 12.8 million “.com” and “.net” domains, the algorithm could determine 70% of malicious domains at the time they were registered–days or weeks faster than existing technologies that blacklist domain names.”
“The research found that non-criminals usually choose domain names that are easy to remember, whereas criminals choose random names because they’re buying in bulk in hopes of decreasing their chances of all their domain names being blacklisted.”
“In phishing attacks, variations of an established domain name or names with digits are used to trick users into clicking on a seemingly legitimate website, such as a bank account.”
It will be interesting to see what happens if they use the PREDATOR program for some of the new gTLDs as well.
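To make the kinds of registration-time signals named in the article concrete (bulk registration, variations of the same name, random-looking names, digits), here is an added example that is not PREDATOR's code or its actual 22 features. The log format, the sample records and the four feature definitions are all assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed registration log: (minute registered, registrar, domain).
SAMPLE_LOG = [
    ("2016-10-01T10:00", "registrar-a", "xk7qzt2vbn.com"),
    ("2016-10-01T10:00", "registrar-a", "xk7qzt2vbm.com"),
    ("2016-10-01T10:00", "registrar-a", "p9w3lfh0ad.net"),
    ("2016-10-01T10:05", "registrar-b", "gardenbakery.com"),
    ("2016-10-01T10:07", "registrar-b", "8675309.com"),
]

def label(domain):
    """Return the registered name without its TLD."""
    return domain.lower().rsplit(".", 1)[0]

def entropy(s):
    """Shannon entropy in bits per character; higher for random-looking names."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def edit_distance(a, b):
    """Levenshtein distance, used to spot variations of the same name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def features(log):
    """Compute illustrative per-domain features from registration records."""
    # Assumption: same registrar + same minute approximates a bulk batch.
    batches = Counter((minute, registrar) for minute, registrar, _ in log)
    out = {}
    for minute, registrar, domain in log:
        name = label(domain)
        peers = [label(d) for m, r, d in log
                 if (m, r) == (minute, registrar) and d != domain]
        out[domain] = {
            "batch_size": batches[(minute, registrar)],
            "digit_ratio": sum(ch.isdigit() for ch in name) / len(name),
            "entropy": round(entropy(name), 2),
            "nearest_peer": min((edit_distance(name, p) for p in peers), default=None),
        }
    return out
```

In the sample, `8675309.com` gets the maximum digit ratio while being registered alone, so a single feature of this kind says nothing about intent without the others.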
Andrew Rosener says
You have to believe that the millions of numeric 6, 7 & 8 digit domains which have been registered at the time that they were taking their sample MUST have skewed their statistics!
This would actually be a fairly dangerous tool as it may inadvertently blacklist legitimate domain registrations.
Francois says
Good point Andrew.
Wadodo says
You are very correct.
Linton S Kerr says
If any of these “researchers” ever got a job with the FBI the persons who registered <DonaldDuckTrump.com or would be jailed within 24 hours .. I am shaking in my boots because I own . When I am sentenced my fine will probably be to pay off their student loans. If journalists don’t write content they won’t get paid. So write they must – even if it is B.S.
Robert McLean says
Throwing the baby out with the bath water, analogous to .com names and the onslaught of new gTLDs.
National-Security-Watch.com says
perfect tool for faceboook … faacebook … facepook … faxebook … facehook … ficebook … facetook … facepook … facebuuk … pacebook … facedook … 🙂